vsftpd-2.0.5 over 5 years old

Installing, Configuring, Troubleshooting server daemons such as Web and Mail

vsftpd-2.0.5 over 5 years old

Postby countrydj » 2011/11/17 16:25:38

I am running: CentOS release 5.7 (Final)
I have just had an intrusion on my server and I am trying to identify how the intruder got access.
It has been suggested to me that vsftpd-2.0.5 may have some security issues.
On checking vsftpd I find that vsftpd was updated to vsftpd-2.0.5 in August 2006 (5 years ago)
In March 2011 it was updated to version: vsftpd-2.3.4.

So, I decided that it was time I got the update.
yum update vsftpd

returned
No Packages marked for Update


Is it possible that Centos is 5 years behind with vsftpd ???

John C
countrydj
 
Posts: 5
Joined: 2011/02/08 00:40:46

vsftpd-2.0.5 over 5 years old

Postby WhatsHisName » 2011/11/17 16:37:54

User avatar
WhatsHisName
 
Posts: 1497
Joined: 2005/12/19 20:21:43
Location: /earth/usa/nj

Re: vsftpd-2.0.5 over 5 years old

Postby TrevorH » 2011/11/17 18:29:14

Searching for 'vsftpd cve' shows a list of CVE numbers, the latest of which seems to be CVE-2011-0762. Running

Code: Select all
rpm -q --changelog vsftpd | less


shows this CVE number fixed on Thu Mar 03 2011.
User avatar
TrevorH
Forum Moderator
 
Posts: 9103
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd-2.0.5 over 5 years old

Postby grifs71 » 2012/01/03 16:01:49

What is your configuration are you explicitly listing allowed users, do you have SELinux enabled, what is your netfilter configuration look like?
grifs71
 
Posts: 157
Joined: 2007/10/02 05:15:38
Location: Arkansas, United States


Return to CentOS 5 - Server Support

Who is online

Users browsing this forum: No registered users and 0 guests