Re: [fw-wiz] OT: FTP Servers

From: Mikael Olsson (mikael.olsson_at_clavister.com)
Date: 06/06/03

    To: John Smith <john.smith@minolta-qms.com>
    Date: Fri, 06 Jun 2003 22:54:37 +0200
    

    John Smith wrote:
    >
    > I have been tasked to build an FTP server. I have selected the OS (a
    > Unix variant that I know how to strip down to bare bones). The last
    > time I built a Unix FTP server (roughly five years ago) I used WU-FTPD.
    >
    > My question is this: Is WU-FTPD still a good FTP server to use?

    Though there haven't been any publicly announced vulnerabilities
    in it for some time, parts of its code still scare me.

    > If WU-FTPD is not a good FTP server to use or there are better (i.e.
    > - more secure) servers out there, what would you suggest? The needs for
    > the site are anonymous FTP, potentially some 'real' FTP users, and up to
    > 500 simultaneous FTP connections. And of course the FTP server should
    > be free. :-)

    I'd look at vsftpd and pureftpd. They're both manageably small
    while still doing everything the average site needs.

    I _used_ to think highly of proftpd, but that was before featuritis
    struck and the inevitable vulnerabilities followed. It's still on
    the low side of vulnerability counts, but it's falling short of its
    initial "very secure" goal.

    -- 
    Mikael Olsson, Clavister AB
    Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
    Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
    Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
