- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- HP certified newer version of WU-FTP
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-26-2009 01:38 AM
тАО06-26-2009 01:38 AM
HP certified newer version of WU-FTP
When is HP likely to release a new certified version of WU-FTP?
Thanks in advance,
D
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-26-2009 04:36 AM
тАО06-26-2009 04:36 AM
Re: HP certified newer version of WU-FTP
There are better alternatives such as PureFTPd, ProFTPd, etc which are easier to configure and have more modern features such as virtual users and privilege separation.
In my case I still use the stock HP-UX WU-FTPd for production since I can vouch to my security auditors that "a respectable vendor handles the security patches".
Good luck
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-26-2009 06:18 AM
тАО06-26-2009 06:18 AM
Re: HP certified newer version of WU-FTP
HP provides binary updates for security issues to customers with software service contracts.
http://software.hp.com has the latest full version of wu-ftp
I try to keep it updated and use secure shell (same site) whenever possible as a more secur alternative.
Note with wu-ftp: Always disable root ftp access. Not doing so is a major security hazard as ftp authenticates in clear text. Yes it transmits the password in clear text available on any network node and easily read.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-01-2009 10:34 AM
тАО07-01-2009 10:34 AM
Re: HP certified newer version of WU-FTP
Does HP state anywhere that the wu-ftp is updated with the latest security patches? Specifically the "WU-FTPD fb_realpath() Off-By-One Buffer Overflow" vulnerability on HP-UX 11.31. (CVE-2003-0466)
Thanks,
Mike
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-01-2009 05:45 PM
тАО07-01-2009 05:45 PM
Re: HP certified newer version of WU-FTP
Many questions arise in the ITRC forums because the stock HP-UX FTP daemon is based on WU-FTPd 2.6.1, while the last official release from the WU-FTPd development group is 2.6.2. From my understanding, what HP does is backport any security patches and add enhancements to their own fork of 2.6.1.
I take it for granted that the open source version of WU-FTPd is now unmaintained as there have been no updates for many years, their mailing lists have fallen silent, and their web site has been down for over a year now.
HP chose it as their stock server to replace the older (BSD/SysV?) ftpd back in 1998 since it was still very popular at the time, with a BSD-like license. It still does the job so they keep it at a statu quo for the time being. But any administrator who takes care of a busy or internet-exposed FTP site will probably want to use something else than WU-FTPd.
For your security issue in particular, there is a security bulletin about it here:
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c00951272-3
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-01-2009 08:08 PM
тАО07-01-2009 08:08 PM
Re: HP certified newer version of WU-FTP
You say:
I might be mistaken, but my impression is that since WU-FTPd is part of the core operating system, HP is required to maintain and release security patches for that product. If Bob is reading this and I'm wrong, I'm sure he'll chip in to correct me.
Response:
You are not wrong. HP provides binary updates to the wu-ftpd server on a regular basis as security holes are found and made public. They are available to customers with a software support contract. They provide new versions on http://software.hp.com when they feel it is appropriate.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2009 06:39 AM
тАО07-02-2009 06:39 AM
Re: HP certified newer version of WU-FTP
http://www13.itrc.hp.com/service/patch/document.do?docId=equiv_data1111to1131
PHNE_34544:ftpd(1M) and ftp(1) patch Fixed
Fixed - the defect repairs were integrated into the newer release.
Thanks again,
Mike