Vulnerability Description
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proftpd | Proftpd | 1.3.3 |
Related Weaknesses (CWE)
References
- http://www.proftpd.org/Product
- https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2010-151.hThird Party Advisory
- https://github.com/proftpd/proftpdProduct
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/expExploitThird Party Advisory
- https://web.archive.org/web/20111107212129/http://rsync.proftpd.org/Release Notes
- https://www.exploit-db.com/exploits/15662ExploitVDB Entry
- https://www.exploit-db.com/exploits/16921ExploitVDB Entry
- https://www.vulncheck.com/advisories/proftpd-backdoor-command-executionThird Party Advisory
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/expExploitThird Party Advisory
- https://www.exploit-db.com/exploits/15662ExploitVDB Entry
- https://www.exploit-db.com/exploits/16921ExploitVDB Entry
FAQ
What is CVE-2010-20103?
CVE-2010-20103 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when in...
How severe is CVE-2010-20103?
CVE-2010-20103 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2010-20103?
Check the references section above for vendor advisories and patch information. Affected products include: Proftpd Proftpd.