Debian Bug report logs - #145669
proftpd: Apply a patch for reject non-listed users.

version graph

Package: proftpd; Maintainer for proftpd is (unknown);

Reported by: Jesus Climent <data@reypastor.hispalinux.es>

Date: Fri, 3 May 2002 10:48:09 UTC

Severity: wishlist

Tags: fixed-in-experimental, patch

Found in version 1.2.4-2

Done: Francesco Paolo Lovergine <frankie@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to Ivo Timmermans <ivo@debian.org>, proftpd@packages.qa.debian.org:
Bug#145669; Package proftpd. (full text, mbox, link).

Acknowledgement sent to Jesus Climent <data@reypastor.hispalinux.es>:
New Bug report received and forwarded. Copy sent to Ivo Timmermans <ivo@debian.org>, proftpd@packages.qa.debian.org. (full text, mbox, link).

Message #5 received at maintonly@bugs.debian.org (full text, mbox, reply):

From: Jesus Climent <data@reypastor.hispalinux.es>
To: Debian Bug Tracking System <maintonly@bugs.debian.org>
Subject: proftpd: Apply a patch for reject non-listed users.
Date: Fri, 03 May 2002 12:48:04 +0200
Package: proftpd
Version: 1.2.4-2
Severity: wishlist
Tags: patch

In the following address

http://www.castaglia.org/proftpd/patches/

There is a patch for rejecting non-listed users.

The patch successfully rejects users not listed in a customised passwd
file, enabling the security of avoiding valid ssh users to try (and
fail) an ftp login.

Since whithin a system where only valid ssh accounts exist but there is
an anonymous ftp server users can try to log, the passwd is sent in
unencrypted format.

The patch allows the admin to reject the login upon entering the
username, not even reaching the point where the passwd is sent.

Jesus Climent


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux reypastor 2.2.19HL3 #3 vie ago 10 20:15:31 CEST 2001 i686
Locale: LANG=spanish, LC_CTYPE=es_ES

Versions of packages proftpd depends on:
ii  adduser                       3.47       Add and remove users and groups
ii  debconf                       1.0.32     Debian configuration management sy
ii  libc6                         2.2.5-4    GNU C Library: Shared libraries an
ii  libpam0g                      0.72-35    Pluggable Authentication Modules l
ii  libssl0.9.6                   0.9.6c-2   SSL shared libraries
ii  libwrap0                      7.6-9      Wietse Venema's TCP wrappers libra
ii  netbase                       4.07       Basic TCP/IP networking system
hi  proftpd-common                1.2.4-2    Versatile, virtual-hosting FTP dae

Tags added: fixed-in-experimental Request was from Francesco Paolo Lovergine <frankie@debian.org> to control@bugs.debian.org. (full text, mbox, link).

Reply sent to Francesco Paolo Lovergine <frankie@debian.org>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Jesus Climent <data@reypastor.hispalinux.es>:
Bug acknowledged by developer. (full text, mbox, link).

Message #12 received at 145669-done@bugs.debian.org (full text, mbox, reply):

From: Francesco Paolo Lovergine <frankie@debian.org>
To: 170306-done@bugs.debian.org, 186074-done@bugs.debian.org, 145669-done@bugs.debian.org, 212416-done@bugs.debian.org
Subject: housekeeping proftpd
Date: Mon, 3 Nov 2003 23:40:06 +0100
Experimental package now has been uploaded in sid. 
So closing fixed bugs.

-- 
Francesco P. Lovergine

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Sep 2 00:32:15 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.