ProFTPD is prone to an unauthorized-access vulnerability due to a backdoor in certain versions of the application. Exploiting this issue allows remote attackers to execute arbitrary system commands with superuser privileges. The issue affects the ProFTPD 1.3.3c package downloaded between November 28 and December 2, 2010. The MD5 sums of the unaffected ProFTPD 1.3.3c source packages are as follows: 8571bd78874b557e98480ed48e2df1d2 proftpd-1.3.3c.tar.bz2 4f2c554d6273b8145095837913ba9e5d proftpd-1.3.3c.tar.gz Files with MD5 sums other than those listed above should be considered affected.
The vendor released an advisory to address the issue. Please see the references for more information.