HPE GreenLake Administration
Operating System - HP-UX
1834736
Members
2833
Online
110070
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2005 09:44 AM
03-08-2005 09:44 AM
I am working at a customer running wu-ftp compiled from source, 2.6.0. And running TCB on hp-ux 11.0.
Everything works just fine but there are vulnerabilities in wu-ftp that must be patched per audit requirements.
Problem: as far as I can tell, vulnerabilities exist in:
1. the latest version of wu-ftp (2.6.1) that I can download from hp, and besides it supposedly doesn't work (for anonymous ftp) with TCB enabled. The customer is (I think) using anonymous ftp.
2. the latest 2.6.2 build at the porting archive.
3. even the source code download from the www.wu-ftpd.org (but there is a patch to the source code available.) Building from source wouldn't be my first choice, but is (probably) possible.
I would have to do put some effort in figuring out what the config files are doing with "groups" if I switch to another ftpd, so I'd prefer not doing that.
Hopefully I'm missing some obvious easy fix, so... does anyone have a suggestion for the best - ok, make that easiest - solution to closing the wu-ftp vulnerabilties on these systems? I'm trying very hard not to break anything as this is a production environment, with very limited possibilities for experimentation once any changes are made. Thanks for any suggestions.
Paul
Everything works just fine but there are vulnerabilities in wu-ftp that must be patched per audit requirements.
Problem: as far as I can tell, vulnerabilities exist in:
1. the latest version of wu-ftp (2.6.1) that I can download from hp, and besides it supposedly doesn't work (for anonymous ftp) with TCB enabled. The customer is (I think) using anonymous ftp.
2. the latest 2.6.2 build at the porting archive.
3. even the source code download from the www.wu-ftpd.org (but there is a patch to the source code available.) Building from source wouldn't be my first choice, but is (probably) possible.
I would have to do put some effort in figuring out what the config files are doing with "groups" if I switch to another ftpd, so I'd prefer not doing that.
Hopefully I'm missing some obvious easy fix, so... does anyone have a suggestion for the best - ok, make that easiest - solution to closing the wu-ftp vulnerabilties on these systems? I'm trying very hard not to break anything as this is a production environment, with very limited possibilities for experimentation once any changes are made. Thanks for any suggestions.
Paul
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2005 02:25 PM
03-08-2005 02:25 PM
Solution
Best to stick with the binaries.
The latest install from HP depots is a good idea.
Since I installed 2.6.1, three years ago, there were several security warnings. HP released binaries which I manually installed.
You need to check with the response center to make sure you have all the necessary fixes.
The ability to block root ftp was not in the 2.6.1 release. That was annoying and almost nailed me on an audit.
SEP
The latest install from HP depots is a good idea.
Since I installed 2.6.1, three years ago, there were several security warnings. HP released binaries which I manually installed.
You need to check with the response center to make sure you have all the necessary fixes.
The ability to block root ftp was not in the 2.6.1 release. That was annoying and almost nailed me on an audit.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2005 01:14 AM
03-10-2005 01:14 AM
Re: wu-ftp
Thanks. It sounds like all the latest vulnerabilities are not fixed in the latest available binary from the response center.
Paul
Paul
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP