I am running: CentOS release 5.7 (Final)
I have just had an intrusion on my server and I am trying to identify how the intruder got access.
It has been suggested to me that vsftpd-2.0.5 may have some security issues.
On checking vsftpd I find that vsftpd was updated to vsftpd-2.0.5 in August 2006 (5 years ago).
In March 2011 it was updated to version: vsftpd-2.3.4.
So, I decided that it was time I got the update.
[quote]yum update vsftpd[/quote]
returned
[quote]No Packages marked for Update[/quote]
Is it possible that CentOS is 5 years behind with vsftpd?
John C
vsftpd-2.0.5 over 5 years old
- WhatsHisName
Read: [url=https://access.redhat.com/security/updates/backporting/?sc_cid=3093]Red Hat Backporting[/url]
Re: vsftpd-2.0.5 over 5 years old
Searching for 'vsftpd cve' shows a list of CVE numbers, the latest of which seems to be CVE-2011-0762. Running
[code]
rpm -q --changelog vsftpd | less
[/code]
shows this CVE number fixed on Thu Mar 03 2011.
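The changelog check described in the post above, as an added example that is not part of the original thread: a small filter that reads `rpm -q --changelog` output and prints the date and version-release of every entry mentioning a given CVE. The function names, the packager, the release strings and the sample changelog are constructed for illustration; only the CVE number and the date come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `rpm -q --changelog <pkg>` text on
# stdin and prints "date|version-release" for each entry that names the CVE.
# On a real system: rpm -q --changelog vsftpd | cve_fix_entries CVE-2011-0762
cve_fix_entries() {
    awk -v cve="$1" '
        /^\* / {                        # entry header: * Day Mon DD YYYY Packager - ver-rel
            date = $2 " " $3 " " $4 " " $5
            rel = $NF                   # last field is the package version-release
            seen = 0
            next
        }
        !seen {
            i = index($0, cve)          # literal match, no regex surprises
            # Reject a match that is only the prefix of a longer CVE number.
            if (i && substr($0, i + length(cve), 1) !~ /[0-9]/) {
                print date "|" rel
                seen = 1                # report each changelog entry once
            }
        }
    '
}

# Constructed sample changelog; packager and release strings are made up.
sample_changelog() {
    cat <<'EOF'
* Thu Mar 03 2011 Example Packager <packager@example.com> - 2.0.5-x3
- Resolves: CVE-2011-0762 (constructed entry text)
- second line repeating CVE-2011-0762 in the same entry

* Mon Jan 10 2011 Example Packager <packager@example.com> - 2.0.5-x2
- constructed entry with no CVE reference

EOF
}

# Demo run on the constructed sample.
sample_changelog | cve_fix_entries CVE-2011-0762
```

An empty result means the installed build's changelog does not name the CVE, so the vendor advisory for that CVE is the next place to check.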
Re: vsftpd-2.0.5 over 5 years old
What is your configuration? Are you explicitly listing allowed users, do you have SELinux enabled, and what does your netfilter configuration look like?