vsftpd (or very secure FTP daemon) is an
FTP
The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and dat ...
server for
Unix-like
A Unix-like (sometimes referred to as UN*X, *nix or *NIX) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Uni ...
systems, including
Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
. It is the default FTP server in the
Ubuntu
Ubuntu ( ) is a Linux distribution based on Debian and composed primarily of free and open-source software. Developed by the British company Canonical (company), Canonical and a community of contributors under a Meritocracy, meritocratic gover ...
,
CentOS
CentOS (, from Community Enterprise Operating System; also known as CentOS Linux) is a discontinued Linux distribution that provided a free and open-source community-supported computing platform, functionally compatible with its upstream (softw ...
,
Fedora
A fedora () is a hat with a soft brim and indented crown.Kilgour, Ruth Edwards (1958). ''A Pageant of Hats Ancient and Modern''. R. M. McBride Company. It is typically creased lengthwise down the crown and "pinched" near the front on both sides ...
,
NimbleX
NimbleX is a small Slackware-based Linux distribution optimized to run from a CD, USB drive or a network environment. NimbleX has been praised for how fast it boots, as well as for its small disk footprint, which is considered surprising for a ...
,
Slackware
Slackware is a Linux distribution created by Patrick Volkerding in 1993. Originally based on Softlanding Linux System (SLS), Slackware has been the basis for many other Linux distributions, most notably the first versions of SUSE Linux distr ...
and
RHEL
Red Hat Enterprise Linux (RHEL) is a commercial Linux distribution developed by Red Hat. Red Hat Enterprise Linux is released in server versions for x86-64, Power ISA, ARM64, and IBM Z and a desktop version for x86-64. Fedora Linux and CentOS St ...
Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
distributions. It is licensed under the
GNU General Public License
The GNU General Public Licenses (GNU GPL or simply GPL) are a series of widely used free software licenses, or ''copyleft'' licenses, that guarantee end users the freedom to run, study, share, or modify the software. The GPL was the first ...
. It supports
IPv6
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communication protocol, communications protocol that provides an identification and location system for computers on networks and routes traffic ...
,
TLS and
FTPS
FTPS (also known as FTP-SSL and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer (SSL, which is now prohibited by RFC756 ...
(explicit since 2.0.0 and implicit since 2.1.0).
Compromised website
In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been compromised.
vsftpd Compromised Source Packages Backdoor Vulnerability
at SecurityFocus
SecurityFocus was an online computer security news portal and purveyor of information security services. Home to the well-known Bugtraq mailing list, SecurityFocus columnists and writers included former Department of Justice cybercrime
Cy ...
Users logging into a compromised vsftpd-2.3.4 server may issue a ":)" smileyface as the username and gain a command shell on port 6200. This was not an issue of a security hole in vsftpd, instead, an unknown attacker had uploaded a different version of vsftpd which contained a backdoor. Since then, the site was moved to Google App Engine
Google App Engine (also referred to as GAE or App Engine) is a cloud computing platform used as a service for developing and hosting web applications. Applications are sandboxed and run across multiple Google-managed servers. GAE supports aut ...
.
See also
* Comparison of FTP server software
* Pure-FTPd
Pure-FTPd is a free ( ISC license) FTP Server with a strong focus on software security. It can be compiled and run on a variety of Unix-like computer operating systems including Linux, OpenBSD, NetBSD, FreeBSD, DragonFly BSD, Solaris, Tru64, Dar ...
References
{{reflist
External links
Guide to setting up vsftpd
including TLS/SSL encryption
FTP server software
Free server software
Free file transfer software
FTP server software for Linux
Unix Internet software
Free software programmed in C