Remote code execution vulnerability in ProFTPD
Remote code execution vulnerability in ProFTPD
Posted Dec 2, 2006 11:34 UTC (Sat) by Wills (guest, #1813)In reply to: Remote code execution vulnerability in ProFTPD by Dom2
Parent article: Remote code execution vulnerability in ProFTPD
ProFTPD -- the new wu-ftpd!Ironically, security was one of the main reasons for writing proftpd, so said its author:
Why yet another FTP daemon?That was in 1998 for proftpd-1.0.3 which came with more than one fully functioning remote code-execution vulnerability. Some things never change.
ProFTPD grew out of the desire to have a secure and configurable FTP server, and out of a significant admiration of the [3]Apache web server. There are currently a very limited number of FTP servers running on unix (or unix-like) hosts. The most commonly used server is probably wu-ftpd. While wu-ftpd provides excellent performance and is generally a good product, it lacks numerous features found in newer Win32 FTP servers, and has a poor security history.