Very Secure FTP Daemon - now even safer
According to security specialist SecurityReason, a medium risk vulnerability in the vsftpd FTP server for Unix-like systems discovered by Maksymilian Arciemowicz could open the way to a denial-of-service (DoS) attack. The bug could be used by attackers, for example, to disable a wide range of servers.
Versions up to and including 2.3.2 of vsftpd, which stands for "Very Secure FTP Daemon", are reportedly affected; version 2.3.4 corrects the problem. All users are advised to upgrade to this latest version as soon as possible.
Optimised for security and speed under heavy loads, the FTP server is used by a number of well known sites, such as ftp.suse.com, ftp.redhat.com, ftp.gnu.org, ftp.kernel.org and ftp.freebsd.org. vsftpd is licensed under the terms of the GPL.
- vsftpd 2.3.2 remote denial-of-service_blank, security advisory from SecurityReason.