Package: proftpd-basic Version: 1.3.3a-6squeeze1 Severity: grave Tags: security Justification: user security hole
/etc/proftpd/ldap.conf contains passwords and should therefore not be world readable per default. I think the same applies to other vuser backends -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 3.0.0-1-686-pae (SMP w/2 CPU cores) Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
