View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003311||CentOS-5||vsftpd||public||2008-12-21 13:46||2009-10-17 22:48|
|Target Version||Fixed in Version||5.4|
|Summary||0003311: vsftpd doesn't correctly shut down TLS connections (FTPS)|
|Description||This is a security and an interoperability bug (see additional information links for more on both). |
It appears that all Filezilla versions newer than 22.214.171.124 won't work with vsftpd when using FTPS/FTPES because they error out because of the missing TLS shutdown. Error message: ECONNABORTED. This may apply to other clients over time (as they fix this) as well.
It seems that both Filezilla and vsftpd developers see this as a security issue. It was fixed in version 2.0.7 of vsftpd. So, this should get fixed/backported ASAP by upstream.
(- Shutdown the SSL data connections properly. This prevents clients such as
recent FileZilla from complaining. Reported by various people.)
my posting on centos-users: <VA.firstname.lastname@example.org>
|Tags||fixed in 5.4|
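Added example (not part of the original report and not vsftpd or FileZilla code): one way to check, from a reassembled server-to-client capture of an FTPS data connection, whether the server sent a TLS alert record before closing TCP, which is how a proper TLS shutdown (close_notify) appears on the wire. It assumes TLS 1.0 to 1.2 record framing (TLS 1.3 disguises alerts as application_data, so the check does not apply there); the function names and sample bytes are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_records(stream: bytes):
    """Split one direction of a TLS stream into (type, length) records.

    Returns (records, leftover), where leftover counts trailing bytes that
    do not form a complete record."""
    records, pos = [], 0
    while len(stream) - pos >= 5:
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"not a TLS record header at offset {pos}")
        if pos + 5 + length > len(stream):
            break  # header present, body cut short
        records.append((CONTENT_TYPES[ctype], length))
        pos += 5 + length
    return records, len(stream) - pos

def classify_close(stream: bytes) -> str:
    """Classify how the sender ended the TLS stream before the TCP close."""
    records, leftover = parse_records(stream)
    if leftover:
        return "truncated-record"
    if not records:
        return "no-tls-data"
    # After the handshake the alert body is encrypted, so the record type is
    # all that is visible: an alert as last record is consistent with
    # close_notify, anything else means TCP closed with no TLS shutdown.
    if records[-1][0] == "alert":
        return "alert-before-close"
    return "closed-without-alert"

def record(ctype: int, body: bytes) -> bytes:
    """Build a constructed TLS 1.0 record (version bytes 3,1) for the samples."""
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

# Constructed sample streams; bodies are placeholder bytes, not real ciphertext.
DATA = record(23, b"\xaa" * 64) + record(23, b"\xbb" * 32)
CLEAN = DATA + record(21, b"\xcc" * 24)   # data, then an (encrypted) alert
ABRUPT = DATA                             # data, then TCP close only

if __name__ == "__main__":
    for name, stream in (("clean", CLEAN), ("abrupt", ABRUPT), ("cut", CLEAN[:-3])):
        print(name, classify_close(stream))
```

A result of `closed-without-alert` on the data connection matches the behaviour this report describes; `alert-before-close` only shows that some alert was sent, since its encrypted body cannot be distinguished from a fatal alert without the session keys.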
|Please file an RFE upstream and cross-link back to here (5.3 beta still has the vsftpd-2.0.5-12.el5. version)|
|I thought I can only file a bug there if I'm a RedHat Network subscriber or so? No?|
|afaik, bugzilla is open to everyone to report bugs/RFE. Of course, upstream does not have to fix it and one doesn't always get solutions/support there. Nevertheless the issue/RFE is at least known/public and the package maintainer is aware of the issue.|
I added a comment, for whatever it's worth. It would apparently need a subscriber to "ask your support representative to set the next rhel-x.y flag to '?'".
Opened an SR with upstream to backport this officially. It should be noted that there is a patch included in the bz report.
I built some RPMs against this patch and they are available here:
|I can confirm that an FTPES connect with Filezilla to the vsftpd from these rpms works.|
Per RH, this should be fixed shortly in 4.x:
And is slated to be addressed in RHEL 5.4. No idea if there will be an interim errata release for RHEL5 however...
|2008-12-21 13:46||kai||New Issue|
|2008-12-21 17:33||tru||Note Added: 0008485|
|2008-12-21 17:38||kai||Note Added: 0008486|
|2008-12-21 17:50||tru||Note Added: 0008488|
|2008-12-21 18:08||kai||Note Added: 0008489|
|2009-01-02 17:57||rayvd||Note Added: 0008522|
|2009-01-03 12:48||kai||Note Added: 0008526|
|2009-01-08 16:36||rayvd||Note Added: 0008552|
|2009-08-05 20:38||range||Tag Attached: fixed in 5.4|
|2009-10-17 22:47||range||Status||new => resolved|
|2009-10-17 22:47||range||Fixed in Version||=> 5.4|
|2009-10-17 22:47||range||Resolution||open => fixed|