Vsftpd Compromised Source Packages Backdoor Vulnerability Network Vulnerability

Summary

vsftpd is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application. The vsftpd 2.3.4 source package is affected.

Solution

The repaired package can be downloaded from https://security.appspot.com/vsftpd.html. Please validate the package with its signature.

References

http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
http://vsftpd.beasts.org/
http://www.securityfocus.com/bid/48539
https://security.appspot.com/vsftpd.html

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

MySQL buffer overflow
SimpleServer remote execution
NT IIS 5.0 Malformed HTTP Printer Request Header Buffer Overflow Vulnerability
Mercur Mailserver/Messaging version <= 5.0 IMAP Overflow Vulnerability
snmpXdmid overflow

vsftpd Compromised Source Packages Backdoor Vulnerability

Take action and discover your vulnerabilities