Bugtraq mailing list archives
Debian: Security flaw in FSP
From: vanja () SIAMRELAY COM (Vanja Hrustic)
Date: Sat, 28 Nov 1998 16:37:01 -0500
This was posted on Freshmeat.net two days ago. Haven't seen it on Bugtraq. "The fsp package introduces a possible security flaw. When the fsp package is installed it adds the ftp user without prompting the admin. This can enable anonymous FTP if you use the standard ftp or wu-ftpd as your FTP daemon. If you have have installed fsp and a FTP daemon and do not want to have anonymous FTP enabled you should remove the ftp account. Please note that if you use proftpd as the FTP daemon this flaw will not affect you, since it required one to enable anonymous FTP manually. There are fixed packages available (2.71-10) which *do not* remove the FTP user, you will have to do this manually." ftp://ftp.debian.org/pub/debian/dists/proposed-updates/ Vanja Hrustic Information Systems Manager Siam Relay Ltd. Phone: +662-713-5130 Fax: +662-713-5132 http://www.siamrelay.com - Siam Relay Ltd. - Security & E-Commerce http://safer.siamrelay.com - Security Alert For Enterprise Resources
Current thread:
- Re: Netscape Communicator 4.5 can read local files, (continued)
- Re: Netscape Communicator 4.5 can read local files Ben Collins (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Terence Christopher Haddock (Nov 25)
- XFree86 3.3.3 Released Aleph One (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Trev (Nov 25)
- Re: Netscape Communicator 4.5 can read local files kpm (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Sven Carstens (Nov 25)
- Re: Netscape Communicator 4.5 can read local files Michael Teichmann (Nov 26)
- Re: Netscape Communicator 4.5 can read local files Trev (Nov 27)
- Java Redirect Bug - Netscpape 4.0[678] and 4.5 Keith Woodard (Nov 27)
- ipfwadm has pseudo-DoS ;) Domas Mituzas (Nov 28)
- Debian: Security flaw in FSP Vanja Hrustic (Nov 28)
- Debian: Security flaw in FSP David Damerell (Nov 30)
- RSI.0010a.11-29-98.IRIX.AUTOFSD RSI Advise (Nov 29)
- Re: Netscape Communicator 4.5 can read local files Todd C. Campbell (Nov 30)