vsftpd

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
vsftpd
Developer(s)Chris Evans
Stable release
3.0.5 / August 2, 2021 (2021-08-02)
Operating systemUnix-like systems
TypeFTP daemon
LicenseGPL
Websitesecurity.appspot.com/vsftpd.html

vsftpd, (or very secure FTP daemon),[1] is an FTP server for Unix-like systems, including Linux. It is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX, Slackware and RHEL Linux distributions. It is licensed under the GNU General Public License. It supports IPv6, TLS and FTPS (explicit since 2.0.0 and implicit since 2.1.0).

Details[edit]

vsftpd works through the Unix account management, meaning that a user account with the user name and password desired for the FTP server must exist on the operating system, and listed inside /etc/vsftpd.user_list.

Its configuration file is located at /etc/vsftpd.conf. The settings are changed using a text editor.

Compromised website[edit]

In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been compromised.[2][3] Users logging into a compromised vsftpd-2.3.4 server may issue a ":)" smileyface as the username and gain a command shell on port 6200.[3] This was not an issue of a security hole in vsftpd, instead, an unknown attacker had uploaded a different version of vsftpd which contained a backdoor. Since then, the site was moved to Google App Engine.

See also[edit]

References[edit]

  1. ^ "README file from source code".[dead link]
  2. ^ vsftpd Compromised Source Packages Backdoor Vulnerability at SecurityFocus
  3. ^ a b Evans, Chris (2011-06-03). "Alert: vsftpd download backdoored". Retrieved July 7, 2011.

External links[edit]