Re: telnetd vulnerability from BUGTRAQ

To: debian-security@lists.debian.org
Subject: Re: telnetd vulnerability from BUGTRAQ
From: Dariush Pietrzak <eyck@forumakad.pl>
Date: Tue, 28 Sep 2004 12:23:33 +0200
Message-id: <[🔎] 20040928102332.GA2574@forumakad.pl>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 87sm9226xo.fsf@enki.rimspace.net>
References: <[🔎] 20040924223514.GF28963@vnl.com> <[🔎] 1096078639.10826.11.camel@pitc> <[🔎] Pine.LNX.4.58.0409242337150.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925083859.GH22041@linuxmafia.com> <[🔎] Pine.LNX.4.58.0409251409300.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925211946.GV32311@linuxmafia.com> <20040927072410.GA3495@forumakad.pl> <[🔎] 1096315718.32426.27.camel@king.gregfolkert.net> <[🔎] 20040928065054.GB22196@forumakad.pl> <[🔎] 87sm9226xo.fsf@enki.rimspace.net>

> 
> I don't know what you imagine is "encrypted" in FTP, though, since that
> is not part of the specification or the standard implementations.
 oh, not part of THIS: http://www.ietf.org/rfc/rfc2246.txt specification?
that is like, what, 5 years old?

 Well, what about this:
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
and this:
http://www.faqs.org/ftp/internet-drafts/draft-murray-auth-ftp-ssl-13.txt
and this:
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html,
and this
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html#client


  And this is fully supported by debian, we've got excellent client (lftp),
excelent server (proftpd) and funky server (wzdftpd), so there's something
for everyone. 
 I think noone uploaded tlswrap yet, although I've been using it with
success and on many platforms for ~2 years now.

I would suggest updating one's knowledge at least every ~5 years or so...
(it's easy for me to say, because i'm still learning, maybe people with
decades of IT experience find it more difficult to follow development of
standards)
-- 
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294  05E0 BCC7 02C4 75CC 50D9

Reply to:

Follow-Ups:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: BAHAHA was (telnetd vulnerability from BUGTRAQ)
  - From: Greg Folkert <greg@gregfolkert.net>

References:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dale Amon <amon@vnl.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Peter McAlpine <peter@aoeu.ca>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Greg Folkert <greg@gregfolkert.net>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dariusz Pietrzak <proftpd@forumakad.pl>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Re: vulnerabilities in CVS?
Next by Date: Re: telnetd vulnerability from BUGTRAQ
Previous by thread: Re: telnetd vulnerability from BUGTRAQ
Next by thread: Re: telnetd vulnerability from BUGTRAQ
Index(es):
- Date
- Thread