 | | Re: ProFTPd security vulnerabilities (was Re: vsftpd anonymous
upload configur | Re: ProFTPd security vulnerabilities (was Re: vsftpd anonymous
upload configur 2005-01-20 - By Ed Wilts
Back
On Thu, Jan 20, 2005 at 12:26:39PM -0500, nathan r. hruby wrote:
> On Thu, 20 Jan 2005, Ed Wilts wrote:
>
> >On Thu, Jan 20, 2005 at 05:55:04PM +0100, nodata wrote:
> >>I agree with most of your points, but it would be unfair not to mention
> >>that ProFTPd seems to be full of holes.
> >
> >What data do you have to back that up?
> >
>
> Oh hell..
>
> Gentlemen.. I'm asking very politely that if you must start a flameware
> about this, please do it off list.
I had thought about rewording my question but decided to keep it short.
If there are security vulnerabilities in ProFTPd, then they affect me
*today* and I'll follow up with the project developers.
If we have unsubstantiated rumors like "sendmail has security
vulnerabilities" or "wu-ftpd is full of holes" without current data,
then that gets weighted in differently.
I have no intention of participating in a flamewar. I'm a fact-finding
mission and that's all.
Have there been security vulnerabilities in the past? Of course -
some/most/all of them are clearly documented on the project's home page.
Are there more current vulernabilities? I don't know and that's what
I'm trying to find out.
There are security vulernabilities in software we use every day - I just
read about more RHEL kernel ones today. It's the exploitability and
currency of those vulnerabilities we're most concerned about. Of
course, a long-running active history doesn't help, but even vulnerable
software has improved over time.
--
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts@(protected)
Member #1, Red Hat Community Ambassador Program
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
Earn $52 per hosting referral at Lunarpages.
|
|
|