Re: FTP servers and security help
Paul, stay away from wu_ftpd. It might be a wonderful piece of software, it might do many things -- but it seems half the unix traffic on bugtraq is due to buffer overflows in wu_ftpd. A security hole was found in proftpd recently, but the patch (on bugtraq) is a one-line fix -- so I imagine the debian maintainer will have a patch out soon, if not already -- if you don't want to deal with compiling your own server. proftpd just seems nicer. :) On Sun, Sep 05, 1999 at 02:49:14PM -0400, Paul McHale wrote: I have debian installed and am very impressed. Apache is running. WU_FTP is running. Mostly through no fault of my own :). The installation did an excellent job ! My question regards previous mailings to this group discussing PRO_FTP and security issues. Which FTP server do you recommend ? I am new to FTP servers outside of windows. My concerns are security and administration/directory-user-control. many thanks in advance, paul -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -- Seth Arnold | http://www.willamette.edu/~sarnold/ Hate spam? See http://maps.vix.com/rbl/ for help Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
RE: FTP servers and security help
Thanks much for the advice. I am firewalling off FTP for now! I will wait for pro_ftp to get fixed. This coincides with what I have seen so far. Thanks for the input ! paul -Original Message- From: Seth R Arnold [mailto:[EMAIL PROTECTED] Sent: Sunday, September 05, 1999 8:20 PM To: Debian-User Subject: Re: FTP servers and security help Paul, stay away from wu_ftpd. It might be a wonderful piece of software, it might do many things -- but it seems half the unix traffic on bugtraq is due to buffer overflows in wu_ftpd. A security hole was found in proftpd recently, but the patch (on bugtraq) is a one-line fix -- so I imagine the debian maintainer will have a patch out soon, if not already -- if you don't want to deal with compiling your own server. proftpd just seems nicer. :) On Sun, Sep 05, 1999 at 02:49:14PM -0400, Paul McHale wrote: I have debian installed and am very impressed. Apache is running. WU_FTP is running. Mostly through no fault of my own :). The installation did an excellent job ! My question regards previous mailings to this group discussing PRO_FTP and security issues. Which FTP server do you recommend ? I am new to FTP servers outside of windows. My concerns are security and administration/directory-user-control. many thanks in advance, paul -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -- Seth Arnold | http://www.willamette.edu/~sarnold/ Hate spam? See http://maps.vix.com/rbl/ for help Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread! -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: FTP servers and security help
-BEGIN PGP SIGNED MESSAGE- On Sun, 5 Sep 1999, Seth R Arnold wrote: Paul, stay away from wu_ftpd. It might be a wonderful piece of software, it might do many things -- but it seems half the unix traffic on bugtraq is due to buffer overflows in wu_ftpd. A security hole was found in proftpd recently, but the patch (on bugtraq) is a one-line fix -- so I imagine the debian maintainer will have a patch out soon, if not already -- if you don't want to deal with compiling your own server. - From the changelog /usr/share/doc/proftpd/changelog.Debian.gz proftpd (1.2.0pre4-1) unstable; urgency=high * New upstream version, fixing remote root exploit. i _think_ this means the patch has already been applied and uploaded. - -- finger for PGP public key. -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBN9Mdhr7M/9WKZLW5AQFzuwP/Zmkj5Oi8s9+0R+PQkR5wgeEoY4aGxOHV jiawNuiNpp3Xmt7uKNK6Ix7qJiWjTEvuxBQYRSRMfrd6I2K2lhYrEgHYxsvOmdvL zl6OVbUrOSmYKLSU6ima5HljcWq/4u7X1hUE6DRrzwvLv42UDwoWOP4Nd8Q1Quj4 vlfRGw9qec8= =UKaS -END PGP SIGNATURE-
RE: FTP servers and security help
That was fast, thanks for the response !!! -Original Message- From: Brad [mailto:[EMAIL PROTECTED] Sent: Sunday, September 05, 1999 9:49 PM To: Seth R Arnold Cc: Debian-User Subject: Re: FTP servers and security help -BEGIN PGP SIGNED MESSAGE- On Sun, 5 Sep 1999, Seth R Arnold wrote: Paul, stay away from wu_ftpd. It might be a wonderful piece of software, it might do many things -- but it seems half the unix traffic on bugtraq is due to buffer overflows in wu_ftpd. A security hole was found in proftpd recently, but the patch (on bugtraq) is a one-line fix -- so I imagine the debian maintainer will have a patch out soon, if not already -- if you don't want to deal with compiling your own server. - From the changelog /usr/share/doc/proftpd/changelog.Debian.gz proftpd (1.2.0pre4-1) unstable; urgency=high * New upstream version, fixing remote root exploit. i _think_ this means the patch has already been applied and uploaded. - -- finger for PGP public key. -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBN9Mdhr7M/9WKZLW5AQFzuwP/Zmkj5Oi8s9+0R+PQkR5wgeEoY4aGxOHV jiawNuiNpp3Xmt7uKNK6Ix7qJiWjTEvuxBQYRSRMfrd6I2K2lhYrEgHYxsvOmdvL zl6OVbUrOSmYKLSU6ima5HljcWq/4u7X1hUE6DRrzwvLv42UDwoWOP4Nd8Q1Quj4 vlfRGw9qec8= =UKaS -END PGP SIGNATURE- -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: FTP servers and security help
Well, if it was released in the last two weeks or so, then thats the one! :) On Sun, Sep 05, 1999 at 08:48:49PM -0500, Brad wrote: -BEGIN PGP SIGNED MESSAGE- On Sun, 5 Sep 1999, Seth R Arnold wrote: Paul, stay away from wu_ftpd. It might be a wonderful piece of software, it might do many things -- but it seems half the unix traffic on bugtraq is due to buffer overflows in wu_ftpd. A security hole was found in proftpd recently, but the patch (on bugtraq) is a one-line fix -- so I imagine the debian maintainer will have a patch out soon, if not already -- if you don't want to deal with compiling your own server. - From the changelog /usr/share/doc/proftpd/changelog.Debian.gz proftpd (1.2.0pre4-1) unstable; urgency=high * New upstream version, fixing remote root exploit. i _think_ this means the patch has already been applied and uploaded. - -- finger for PGP public key. -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBN9Mdhr7M/9WKZLW5AQFzuwP/Zmkj5Oi8s9+0R+PQkR5wgeEoY4aGxOHV jiawNuiNpp3Xmt7uKNK6Ix7qJiWjTEvuxBQYRSRMfrd6I2K2lhYrEgHYxsvOmdvL zl6OVbUrOSmYKLSU6ima5HljcWq/4u7X1hUE6DRrzwvLv42UDwoWOP4Nd8Q1Quj4 vlfRGw9qec8= =UKaS -END PGP SIGNATURE- -- Seth Arnold | http://www.willamette.edu/~sarnold/ Hate spam? See http://maps.vix.com/rbl/ for help Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
FTP servers and security help
I have debian installed and am very impressed. Apache is running. WU_FTP is running. Mostly through no fault of my own :). The installation did an excellent job ! My question regards previous mailings to this group discussing PRO_FTP and security issues. Which FTP server do you recommend ? I am new to FTP servers outside of windows. My concerns are security and administration/directory-user-control. many thanks in advance, paul