100631 – vsftpd login banner identifies daemon

Bug 100631 - vsftpd login banner identifies daemon

Summary: vsftpd login banner identifies daemon

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	vsftpd
Sub Component:
Version:	8.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Bill Nottingham
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-07-23 19:24 UTC by Brad Spry
Modified:	2014-03-17 02:37 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2003-08-08 03:05:59 UTC
Embargoed:

Attachments	(Terms of Use)

Description Brad Spry 2003-07-23 19:24:13 UTC

Description of problem:
vsftpd's default config identifies the name of the daemon.

How reproducible:
very

Steps to Reproduce:
1. edit vsftpd.conf
2. ftpd_banner variable is commented out, causing condition
    
Additional info:

ftpd_banner= should be set with a single space after the equal sign, eliminating
any name identification for daemon.

Comment 1 Mark J. Cox 2003-07-25 07:18:35 UTC

Many daemons identify themselves and whilst it is good security practise to
remove idenitification history has shown that the majority of worms and exploits
simply ignore any identification when trying to exploit a particular
vulnerability.  I'm moving this to being an enhancement severity.

Comment 2 Bill Nottingham 2003-08-08 03:05:59 UTC

I doubt we'd change this local to Red Hat; perhaps you can convince the upstream
vsftpd package to change this behavior?

Note You need to log in before you can comment on or make changes to this bug.