I was reading how vsftpd was not compiled against tcpwrappers in the stock redhat 9.0. ISS Xforce says this is a medium risk and can lead to attacker gaining access to the server.
I cannot understad this, doesnt tcpwrappers just provide an extra layer of security. I mean it is a way restrict ywho is allowed or not allowed to access the ftp daemon but even if it is not compiled against the tcpwrappers this still does not give you any privleges since you still have to authenticate with the ftp daemon.
Any ideas why this is given a medium risk?