On 09/07/2016 01:20 PM, Karsten Malcher wrote: > Am 07.09.2016 um 11:20 schrieb Stefan Hornburg (Racke): >> Hello Karsten, >> I think your report says it might be a bug in Pure-FTPd but I can't see >> really >> a justification to that. >> >> Fixed security problem: >> >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791420 >> >> Regards >> Racke >> > > Hello Racke, > > i reported definitely a security hole, because i could determine a hacker > intrusion over this FTP server. > After the FTP was disabled completely there was no security problem again. > > This FTP-server is used as standard FTP server in ISPConfig 3. > I never had any problems like this with ProFTPD. > > So my security advice for every user is to use another FTP server > or only activate Pure-FTPd for the use within a session. > > Regards > Karsten >
Hello Karsten, ok so let's reopen the bug and I'll ask the Pure-FTPd author for advice. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming.