Bug 100631 - vsftpd login banner identifies daemon
vsftpd login banner identifies daemon
Status: CLOSED UPSTREAM
Product: Red Hat Linux
Classification: Retired
Component: vsftpd (Show other bugs)
8.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Mike McLean
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-07-23 15:24 EDT by Brad Spry
Modified: 2014-03-16 22:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-08-07 23:05:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Brad Spry 2003-07-23 15:24:13 EDT
Description of problem:
vsftpd's default config identifies the name of the daemon.

How reproducible:
very

Steps to Reproduce:
1. edit vsftpd.conf
2. ftpd_banner variable is commented out, causing condition
    
Additional info:

ftpd_banner= should be set with a single space after the equal sign, eliminating
any name identification for daemon.
Comment 1 Mark J. Cox (Product Security) 2003-07-25 03:18:35 EDT
Many daemons identify themselves and whilst it is good security practise to
remove idenitification history has shown that the majority of worms and exploits
simply ignore any identification when trying to exploit a particular
vulnerability.  I'm moving this to being an enhancement severity.
Comment 2 Bill Nottingham 2003-08-07 23:05:59 EDT
I doubt we'd change this local to Red Hat; perhaps you can convince the upstream
vsftpd package to change this behavior?

Note You need to log in before you can comment on or make changes to this bug.