vsftpd-2.0.5 over 5 years old

Installing, Configuring, Troubleshooting server daemons such as Web and Mail
Post Reply
countrydj
Posts: 6
Joined: 2011/02/08 00:40:46
Contact:

vsftpd-2.0.5 over 5 years old

Post by countrydj » 2011/11/17 16:25:38

I am running: CentOS release 5.7 (Final)
I have just had an intrusion on my server and I am trying to identify how the intruder got access.
It has been suggested to me that vsftpd-2.0.5 may have some security issues.
On checking vsftpd I find that vsftpd was updated to vsftpd-2.0.5 in August 2006 (5 years ago)
In March 2011 it was updated to version: vsftpd-2.3.4.

So, I decided that it was time I got the update.
[quote]yum update vsftpd[/quote]
returned
[quote]No Packages marked for Update[/quote]

Is it possible that Centos is 5 years behind with vsftpd ???

John C

User avatar
WhatsHisName
Posts: 1547
Joined: 2005/12/19 20:21:43
Location: /earth/usa/nj

vsftpd-2.0.5 over 5 years old

Post by WhatsHisName » 2011/11/17 16:37:54

Read: [url=https://access.redhat.com/security/updates/backporting/?sc_cid=3093]Red Hat Backporting[/url]

User avatar
TrevorH
Forum Moderator
Posts: 29171
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd-2.0.5 over 5 years old

Post by TrevorH » 2011/11/17 18:29:14

Searching for 'vsftpd cve' shows a list of CVE numbers, the latest of which seems to be CVE-2011-0762. Running

[code]
rpm -q --changelog vsftpd | less
[/code]

shows this CVE number fixed on Thu Mar 03 2011.

grifs71
Posts: 157
Joined: 2007/10/02 05:15:38
Location: Arkansas, United States

Re: vsftpd-2.0.5 over 5 years old

Post by grifs71 » 2012/01/03 16:01:49

What is your configuration are you explicitly listing allowed users, do you have SELinux enabled, what is your netfilter configuration look like?

Post Reply

Return to “CentOS 5 - Server Support”