When an invalid attempt to login via wu-ftpd-2.6.0-1 is made, a mis-
formated line is written in /var/log/messages. Eg here are 4 lines, line 4
Sep 24 14:19:23 maisy ftpd: USER root
Sep 24 14:19:25 maisy ftpd: PASS password
Sep 24 14:19:25 maisy PAM_pwdb: authentication failure; (uid=0)
-> root for ftp service
Sep 24 14:19:26 maisy ftpd: hpim3384.jadpace.com: connected: IDLE
: failed login from hpim3384.jadpace.com [188.8.131.52]
The last line (timestamped "14:19:26") is mis-formated. It seems to have
had "hpim3384.jadpace.com: connected: IDLE" inserted after "ftpd:" and
Any ideas ?
I've verified that this still happens with the current version and I'm
looking into it.
In the mean time, we urge you to update to 2.6.1 or higher as found on
updates.redhat.com, since the version you're using has some known
major security problems.
Thanks for the suggestion.
Is wu-ftpd-2.6.0-14.6x good enough to fix the security issue ? If it's not good
enough could you please let me know and I'll load wu-ftpd-2_6_1-6_i386.rpm even
though it will also require the instalation of xinetd, libresolv.so.2, and
Only possible workarround in WU-FTPD is to use SPT_NONE if we're using PAM.
Close this ticket (there REALLY is nothing WU-FTPD can do about it).
*** Bug 22745 has been marked as a duplicate of this bug. ***