 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.103185 |
| Category: | Gain a shell remotely |
| Title: | vsftpd Compromised Source Packages Backdoor Vulnerability |
| Summary: | vsftpd is prone to a backdoor vulnerability. |
| Description: | Summary: vsftpd is prone to a backdoor vulnerability. Vulnerability Insight: The tainted source package contains a backdoor which opens a shell on port 6200/tcp. Vulnerability Impact: Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application. Affected Software/OS: The vsftpd 2.3.4 source package downloaded between 20110630 and 20110703 is affected. Solution: The repaired package can be downloaded from the referenced vendor homepage. Please validate the package with its signature. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-2523 [oss-security] 20110711 Re: vsftpd download backdoored https://www.openwall.com/lists/oss-security/2011/07/11/5 http://packetstormsecurity.com/files/162145/vsftpd-2.3.4-Backdoor-Command-Execution.html https://access.redhat.com/security/cve/cve-2011-2523 https://packetstormsecurity.com/files/102745/VSFTPD-2.3.4-Backdoor-Command-Execution.html https://security-tracker.debian.org/tracker/CVE-2011-2523 https://vigilance.fr/vulnerability/vsftpd-backdoor-in-version-2-3-4-10805 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |