On 09/07/2016 01:20 PM, Karsten Malcher wrote:
> Am 07.09.2016 um 11:20 schrieb Stefan Hornburg (Racke):
>> Hello Karsten,
>> I think your report says it might be a bug in Pure-FTPd but I can't see
>> really
>> a justification to that.
>>
>> Fixed security problem:
>>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791420
>>
>> Regards
>> Racke
>>
>
> Hello Racke,
>
> i reported definitely a security hole, because i could determine a hacker
> intrusion over this FTP server.
> After the FTP was disabled completely there was no security problem again.
>
> This FTP-server is used as standard FTP server in ISPConfig 3.
> I never had any problems like this with ProFTPD.
>
> So my security advice for every user is to use another FTP server
> or only activate Pure-FTPd for the use within a session.
>
> Regards
> Karsten
>
Hello Karsten,
ok so let's reopen the bug and I'll ask the Pure-FTPd author for advice.
Regards
Racke
--
Ecommerce and Linux consulting + Perl and web application programming.
