LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   which is best licensed ftp server : Pureftp(Bsd license) vs vsftpd (Gpl license) (https://www.linuxquestions.org/questions/linux-server-73/which-is-best-licensed-ftp-server-pureftp-bsd-license-vs-vsftpd-gpl-license-4175430213/)

jsaravana87 10-03-2012 02:16 AM

which is best licensed ftp server : Pureftp(Bsd license) vs vsftpd (Gpl license)
 
Hi
Inorder to install ftp server in my production server .I had found pureftp and vsftpd are both are licensed and having security feature .Which of these license version of ftp is more reliable in production server .

Currently im using of vsftpd(virtaulftp) in production environment ,But it have some security drawback in VSFTPD.How can i reduce the below security compliance in vsftpd

vsftpd CVE Entries: 12
Shodan vsftpd entries: 41

unSpawn 10-03-2012 12:22 PM

Quote:

Originally Posted by arun5002 (Post 4795686)
Which of these license version of ftp is more reliable in production server .

As far as my understanding goes any party can include BSD code w/o having to share any changes like for example Microsoft and Apple do (or rather: don't). For your server usage it does not make a difference unless there's a specific reason you're asking. (But then I'd first ask if you've actually read the BSD and GPL.)


Quote:

Originally Posted by arun5002 (Post 4795686)
it have some security drawback in VSFTPD.

Please explain or please check your English / translation because "security drawback" doesn't look OK: did you mean "vulnerability" perhaps?.


Quote:

Originally Posted by arun5002 (Post 4795686)
How can i reduce the below security compliance in vsftpd

vsftpd CVE Entries: 12

Did you even assess what the CVE entries were about? Of the about 6 remaining CVE entries for Vsftpd at least 2 are distribution-specific and the other 4 won't compromise security in the sense of authentication bypasses etc. And sid you compare these CVE's with those for Pureftpd? If you did, would you rather face resource exhaustion (Vsftpd: CVE-2011-0762) or allow users to overwrite arbitrary files (Proftpd: CVE-2011-3171) or command injection (Pureftpd: CVE-2011-1575)?


All times are GMT -5. The time now is 09:37 AM.