Skip to content

vsftpd

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

vsftpd

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
001-read-only-open-sandbox-permits-file-creation.md
001-read-only-open-sandbox-permits-file-creation.md
 
 
001-read-only-open-sandbox-permits-file-creation.patch
001-read-only-open-sandbox-permits-file-creation.patch
 
 
002-http-get-bypasses-anonymous-prelogin-controls.md
002-http-get-bypasses-anonymous-prelogin-controls.md
 
 
002-http-get-bypasses-anonymous-prelogin-controls.patch
002-http-get-bypasses-anonymous-prelogin-controls.patch
 
 
003-alpn-scanner-accepts-embedded-ftp-outside-protocol-entry.md
003-alpn-scanner-accepts-embedded-ftp-outside-protocol-entry.md
 
 
003-alpn-scanner-accepts-embedded-ftp-outside-protocol-entry.patch
003-alpn-scanner-accepts-embedded-ftp-outside-protocol-entry.patch
 
 
README.md
README.md
 
 

README.md

vsftpd Audit Findings

Security audit of vsftpd, a secure FTP daemon for Unix-like systems. Each finding includes a detailed write-up and a patch.

Summary

Total findings: 3 -- High: 3

Findings

ptrace sandbox

# Finding Severity
001 Read-only open sandbox permits file creation High

Prelogin / HTTP mode

# Finding Severity
002 HTTP GET bypasses anonymous prelogin controls High

TLS / ALPN

# Finding Severity
003 ALPN scanner accepts embedded ftp outside protocol entry High