Bug#825271: vsftpd: deny_file not preventing upload anymore
Package: vsftpd
Version: 3.0.2-17+deb8u1
Severity: normal
Dear Maintainer,
We have upgraded the system from wheezy to jessie. After the upgrade we noticed that the deny_file option in vsftpd.conf no longer prevents files with the specified filenames from being uploaded.
The syntax we used for specifying filenames is identical to the one we use in hide_file, where it works as intended.
There is no mention of this change in behaviour in the changelogs.
Maybe the issue is related to the vulnerability fix for CVE-2015-1419 (Fix config option "deny_file" not always being handled correctly).
-- Package-specific info:
-- System Information:
Debian Release: 8.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages vsftpd depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.56
ii dialog 1.2-20140911-1
ii init-system-helpers 1.22
ii libc6 2.19-18+deb8u4
ii libcap2 1:2.24-8
ii libpam-modules 1.1.8-3.1+deb8u1+b1
ii libpam0g 1.1.8-3.1+deb8u1+b1
ii libssl1.0.0 1.0.1k-3+deb8u5
ii libwrap0 7.6.q-25
ii netbase 5.3
Versions of packages vsftpd recommends:
ii logrotate 3.8.7-1+b1
ii ssl-cert 1.0.35
vsftpd suggests no packages.
-- Configuration Files:
/etc/logrotate.d/vsftpd changed:
/var/log/vsftpd.log
{
create 640 root
# ftpd doesn't handle SIGHUP properly
compress
missingok
notifempty
rotate 104
weekly
}
/etc/vsftpd.conf changed:
listen=YES
anonymous_enable=YES
write_enable=YES
anon_root=/srv/ftp/
anon_umask=017
anon_upload_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
idle_session_timeout=1200
data_connection_timeout=600
ls_recurse_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
pasv_max_port=59000
pasv_min_port=41001
log_ftp_protocol=NO
deny_file={*.txt}
user_config_dir=/etc/vsftpd/vsftpd_user_conf
-- debconf information:
vsftpd/username: ftp
vsftpd/directory: /srv/ftp