Red Hat Bugzilla – Bug 100631
vsftpd login banner identifies daemon
Last modified: 2014-03-16 22:37:39 EDT
Description of problem:
vsftpd's default config identifies the name of the daemon.
Steps to Reproduce:
1. edit vsftpd.conf
2. ftpd_banner variable is commented out, causing condition
ftpd_banner= should be set with a single space after the equal sign, eliminating
any name identification for daemon.
Many daemons identify themselves and whilst it is good security practice to
remove identification, history has shown that the majority of worms and exploits
simply ignore any identification when trying to exploit a particular
vulnerability. I'm moving this to being an enhancement severity.
I doubt we'd change this local to Red Hat; perhaps you can convince the upstream
vsftpd package to change this behavior?
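
Added example, not part of the original report or of vsftpd itself: a small audit of vsftpd.conf text for the condition described in this bug. It assumes that the default greeting names the daemon when ftpd_banner is unset, that banner_file overrides ftpd_banner (per the vsftpd.conf documentation), and that an empty value counts as unset; the function names, sample configs and file path are constructed for illustration.

```python
import re

# Matches a greeting that names the daemon, e.g. the default "(vsFTPd x.y.z)".
DAEMON_RE = re.compile(r"vsftpd", re.IGNORECASE)

# Constructed samples: the shipped-style config with the option commented out,
# and the setting proposed in the report (a single space after the equal sign).
DEFAULT_CONF = "#ftpd_banner=Welcome to blah FTP service.\nlisten=YES\n"
REPORT_CONF = "ftpd_banner= \n"


def effective_settings(conf_text):
    """Return active option=value pairs; lines starting with '#' are comments."""
    settings = {}
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value  # value kept verbatim, spaces included
    return settings


def audit_banner(conf_text):
    """Classify the greeting as 'identifies', 'ok' or 'review'."""
    s = effective_settings(conf_text)
    if s.get("banner_file"):
        # banner_file overrides ftpd_banner, so the file itself must be checked.
        return ("review", "banner_file is set; inspect that file's contents")
    banner = s.get("ftpd_banner")
    if banner is None or banner == "":
        # Assumption: an empty value is handled the same as an unset option.
        return ("identifies", "ftpd_banner unset: default greeting names the daemon")
    if DAEMON_RE.search(banner):
        return ("identifies", "custom ftpd_banner still names the daemon")
    return ("ok", "custom ftpd_banner does not name the daemon")


if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("report", REPORT_CONF)):
        print(name, audit_banner(conf))
```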