ProFTPd 1.2.2 as the solution recommended...and even after
upgrading to proftpd 1.2.5rc1???

. Vulnerability found on port ftp (21/tcp) :
The remote FTP server seems to be vulnerable to an exhaustion attack
which may makes it consume all available memory on the remote host
when it receive the command :
NLST /../*/../*/../*/../*/../*/../*/../*/../*/../*/../
Solution : upgrade to ProFTPd 1.2.2 if the remote server is proftpd, or
contact your vendor for a patch.
Risk factor : High

. Warning found on port ftp (21/tcp)
The FTP service allows anonymous logins. If you do not
want to share data with anyone you do not know, then you should deactivate
the anonymous account, since it can only cause troubles.
Under most Unix system, doing :
echo ftp >> /etc/ftpusers
will correct this.
Risk factor : Low
CVE : CAN-1999-0497

. Information found on port ftp (21/tcp)
Remote FTP server banner :
proftpd 1.2.5rc1 server (proftpd - bell canada restricted access)
