This script is Copyright (C) 2003-2013 Tenable Network Security, Inc.
The remote FTP server is affected by several flaws.
The following problems have been reported for the version of proftpd in
Debian 2.2 (potato):
1. There is a configuration error in the postinst script, when the user
enters 'yes', when asked if anonymous access should be enabled.
The postinst script wrongly leaves the 'run as uid/gid root'
configuration option in /etc/proftpd.conf, and adds a
'run as uid/gid nobody' option that has no effect.
2. There is a bug that comes up when /var is a symlink, and
proftpd is restarted. When stopping proftpd, the /var
symlink is removed
when it's started again a file named
/var is created.
Upgrade your proftpd server to proftpd-1.2.0pre10-2.0potato1
Risk factor :
Medium / CVSS Base Score : 5.8
Nessus Plugin ID: 11450 ()
CVE ID: CVE-2001-0456