ProFTPD-1.3.3c Backdoor Command Execution

vendor:

ProFTPD

by:

MC, darkharper2

7.5

CVSS

HIGH

Backdoor Command Execution

CWE

Product Name: ProFTPD

Affected Version From: proftpd-1.3.3c.tar.[bz2|gz]

Affected Version To: proftpd-1.3.3c.tar.[bz2|gz]

Patch Exists: YES

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unix

2010

ProFTPD-1.3.3c Backdoor Command Execution

This module exploits a malicious backdoor that was added to the ProFTPD download archive. This backdoor was present in the proftpd-1.3.3c.tar.[bz2|gz] archive between November 28th 2010 and 2nd December 2010.

Mitigation:

Update to a version of ProFTPD that does not contain the backdoor (1.3.3d or later).

Source

ProFTPD-1.3.3c Backdoor Command Execution

Mitigation:

Exploit-DB raw data: