Security flaw in Debian's fsp package. | Linux Today
Security
SHARE
Facebook X Pinterest WhatsApp

Security flaw in Debian’s fsp package.

Written By
Web Webster
Web Webster
Nov 25, 1998 
We have found that the fsp package introduces a possible security flaw.
When the fsp package is installed it adds the ftp user without prompting
the admin. This can enable anonymous FTP if you use the standard ftp or
wu-ftpd as your FTP daemon.

If you have have installed fsp and a FTP daemon and do not want to have
anonymous FTP enabled you should remove the ftp account. This can be done
with the command "userdel ftp".

Please note that if you use proftpd as the FTP daemon this flaw will not
affect you, since it required one to enable anonymous FTP manually.

We have fixed this in fsp 2.71-10. Please note that if you have already
installed fsp upgrading to this version will not remove the FTP user,
you will have to do manually.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian was released only for the Intel and the
  Motorola 680x0 architecture.

  Source archives:
    ftp://ftp.debian.org/pub/debian/dists/proposed-updates/fsp_2.71.orig.tar.gz
      MD5 checksum: 4cce768adb80e9ea5ff7d96b98369624
    ftp://ftp.debian.org/pub/debian/dists/proposed-updates/fsp_2.71-8hamm10.diff.gz
      MD5 checksum: 367fe0c589f4bca9b1e76babc1d50edc
    ftp://ftp.debian.org/pub/debian/dists/proposed-updates/fsp_2.71-8hamm10.dsc
      MD5 checksum: b232716fdfbe82960ad7aec53c2712bd

  Intel architecture:
    ftp://ftp.debian.org/pub/debian/dists/proposed-updates/fsp_2.71-8hamm10_i386.deb
      MD5 checksum: 9385c3e6891892d38b47682fa076f559

  Motorola 680x0 architecture:
    ftp://ftp.debian.org/pub/debian/dists/proposed-updates/fsp_2.71-8hamm10_m68k.deb
      MD5 checksum: d4f4cfac9c303bf61fb23801722709d2

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/*/binary-$arch/ soon.


For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

facebook
linkedin
x

Company

Contact us

Categories

News IT Management Infrastructure Developer Security High Performance Storage Blog

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information