February 24th, 2003, 07:14 PM
Turning off FTPchmodable
I am working through a scan and some servers that came up with vulnerabilities. One of them is on a HPUX 11.11 (sorry - not Linux me'ah) server that lists the exploit:
"FTPchmodable: FTP server allows the chmod command to be executed"
The remedy only states to "Configure your FTP server to not allow users to execute the chmod command"
What I have found so far is that we need to install & use the WU-FTP instead. Then once, we have WU-FTP we can edit /etc/ftpd/ftpaccess to add:
"chmod no anonymous, guest, real"
But is there another or better way?
February 27th, 2003, 09:29 PM
Never mind. I found what I was looking for with this one. I tracked it down at:
Just put in the error and bada-bing. I cross-referenced with the vendor. It depends on what version of the HPUX OS your system would be running, and depending on that, would hook you up with WU-FTP or the equivalent that then can be edited as stated originally by the remedy.