effect of vsftpd not compiled against tcpwrappers
Results 1 to 4 of 4

Thread: effect of vsftpd not compiled against tcpwrappers

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    236

    effect of vsftpd not compiled against tcpwrappers

    I was reading how vsftpd was not compiled against tcpwrappers in the stock redhat 9.0. ISS Xforce says this is a medium risk and can lead to attacker gaining access to the server.

    I cannot understad this, doesnt tcpwrappers just provide an extra layer of security. I mean it is a way restrict ywho is allowed or not allowed to access the ftp daemon but even if it is not compiled against the tcpwrappers this still does not give you any privleges since you still have to authenticate with the ftp daemon.

    Any ideas why this is given a medium risk?
    That which does not kill me makes me stronger -- Friedrich Nietzche

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    hmm no ideas?
    That which does not kill me makes me stronger -- Friedrich Nietzche

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Good question. Read up on how inetd (or xinetd in the case of RH) uses tcpwrappers.
    Get OpenSolaris http://www.opensolaris.org/

  4. #4
    Member
    Join Date
    Sep 2002
    Posts
    74
    well as far as i know tcp wrappers take in all types data then filters it. so it sits in front of the damien and listens for all connections. someone please correct me if i'm wrong.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •