Bug 17807

Summary: some wu-ftpd syslog messages mis-formated
Product: [Retired] Red Hat Linux Reporter: Declan Mullen <declan>
Component: wu-ftpdAssignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-03-16 12:18:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Declan Mullen 2000-09-24 04:28:23 UTC 
When an invalid attempt to login via wu-ftpd-2.6.0-1 is made, a mis-
formated line is written in /var/log/messages. Eg here are 4 lines, line 4 
is mis-formated:

    Sep 24 14:19:23 maisy ftpd[18136]: USER root
    Sep 24 14:19:25 maisy ftpd[18136]: PASS password
    Sep 24 14:19:25 maisy PAM_pwdb[18136]: authentication failure; (uid=0) 
-> root for ftp service 
    Sep 24 14:19:26 maisy ftpd: hpim3384.jadpace.com: connected: IDLE 
[18136]: failed login from hpim3384.jadpace.com [203.44.127.139]

The last line (timestamped "14:19:26") is mis-formated. It seems to have 
had "hpim3384.jadpace.com: connected: IDLE" inserted after "ftpd:" and 
before "[18136]:".

Any ideas ?
Comment 1 Bernhard Rosenkraenzer 2000-09-24 09:05:37 UTC 
I've verified that this still happens with the current version and I'm
looking into it.
In the mean time, we urge you to update to 2.6.1 or higher as found on
updates.redhat.com, since the version you're using has some known
major security problems.
Comment 2 Declan Mullen 2000-09-24 11:28:43 UTC 
Thanks for the suggestion. 

Is wu-ftpd-2.6.0-14.6x good enough to fix the security issue ? If it's not good 
enough could you please let me know and I'll load wu-ftpd-2_6_1-6_i386.rpm even 
though it will also require the instalation of xinetd, libresolv.so.2, and 
libc.so.6(GLIBC_2.2).
Comment 3 WU-FTPD Development Group 2001-03-12 21:39:35 UTC 
PAM bug.

Only possible workarround in WU-FTPD is to use SPT_NONE if we're using PAM.

Close this ticket (there REALLY is nothing WU-FTPD can do about it).
Comment 4 Bernhard Rosenkraenzer 2001-03-16 12:17:56 UTC 
*** Bug 22745 has been marked as a duplicate of this bug. ***