ProFTPD Backdoor Unauthorized Access Vulnerability

Published: 2010-12-02 18:42:22

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
ProFTPD is prone to an unauthorized-access vulnerability due to a backdoor in certain versions of the application.

Affected Versions:
The issue affects the ProFTPD 1.3.3c Linux Distribution Package downloaded between November 28 and December 2, 2010. The MD5 sums of the unaffected ProFTPD 1.3.3c source Linux Distribution Packages are as follows:

8571bd78874b557e98480ed48e2df1d2 proftpd-1.3.3c.tar.bz2
4f2c554d6273b8145095837913ba9e5d proftpd-1.3.3c.tar.gz

Files with MD5 sums other than those listed above should be considered affected.
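The checksum comparison described above can be run over a download or mirror directory. This is an added example, not code from the vendor or this advisory. The file-name pattern, the skipped sidecar suffixes and the function names are assumptions; the two MD5 sums are the ones listed above.

```python
import hashlib
import sys
from pathlib import Path

# MD5 sums of the unaffected packages, copied from the advisory text.
KNOWN_GOOD_MD5 = {
    "proftpd-1.3.3c.tar.bz2": "8571bd78874b557e98480ed48e2df1d2",
    "proftpd-1.3.3c.tar.gz": "4f2c554d6273b8145095837913ba9e5d",
}
# Assumption: detached signature/checksum files sit beside tarballs and are not hashed.
SIDECAR_SUFFIXES = {".asc", ".sig", ".md5"}


def md5_of(path, chunk_size=1 << 20):
    """Stream the file so large tarballs are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(path, known_good=KNOWN_GOOD_MD5):
    """Return 'unaffected' if the MD5 is one of the listed sums, else 'affected'.

    The digest alone decides, so a renamed copy such as
    'proftpd-1.3.3c (1).tar.gz' is still judged by its content.
    """
    good = {value.lower() for value in known_good.values()}
    return "unaffected" if md5_of(path) in good else "affected"


def audit(directory, known_good=KNOWN_GOOD_MD5):
    """Classify every ProFTPD 1.3.3c tarball found under `directory`."""
    results = {}
    # Assumed naming pattern; it also catches re-download copies.
    for path in sorted(Path(directory).rglob("proftpd-1.3.3c*.tar.*")):
        if path.is_file() and path.suffix not in SIDECAR_SUFFIXES:
            results[str(path)] = classify(path, known_good)
    return results


if __name__ == "__main__":
    findings = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, status in findings.items():
        print(f"{status:<12}{name}")
    # A non-zero exit lets a cron job or CI step alert on an affected file.
    sys.exit(1 if "affected" in findings.values() else 0)
```

Hosts that built and installed ProFTPD from a tarball classified as affected fall under the Impact section of this advisory.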

Recommendations:
The vendor released an advisory to address the issue. Please see the references for more information.

Impact:
Exploiting this issue allows remote attackers to execute arbitrary system commands with superuser privileges.

Solution Type:
Vendor Patch

Detection Type:
Remote Vulnerability

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/45150

References:

https://www.securityfocus.com/bid/45150
http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org
http://www.proftpd.org

Severity: High
CVSS Score: 10.0
