[NetDemon] 认为这个问题不宜在本版讨论,贴子已被转移到<< 菜鸟乐园>> ========原贴内容如下:======== Ftp PASV on connect crashes the FTP server
The remote FTP server dies and dump core when it is issued a PASV command as soon as the client connects. The FTP server is very likely to write a world readable core file which contains portions of the passwd file. This allows local users to obtain the shadowed passwd file.
Risk factor : High.
Solution : Upgrade your FTP server to a newer version or disable it CVE_ID : CVE-1999-0075 NESSUS_ID : 10086
|