The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of vsftpd: backdoor in version 2.3.4

Summary of the vulnerability

A backdoor was added to the source code of vsftpd 2.3.4.
Impacted systems: vsftpd.
Severity of this alert: 3/4.
Creation date: 04/07/2011.
Revision date: 05/07/2011.
References of this alert: BID-48539, CVE-2011-2523, VIGILANCE-VUL-10805.

Description of the vulnerability 

The source code of the vsftpd FTP server is hosted on the vsftpd.beasts.org site.

However, between the 30th of June 2011 and the 3rd of July 2011, a backdoor was added to the source code. This backdoor detects whether the login starts with ":)", and then opens a shell on port 6200/tcp.

A remote attacker can therefore use this backdoor to gain access to the system.
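As an added example (not part of the Vigil@nce bulletin or of vsftpd), the following Python check correlates FTP USER commands containing ":)" with a later connection from the same client to port 6200/tcp. The log formats, the sample lines, the 60-second window and the function name are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

BACKDOOR_PORT = 6200             # shell port named in the bulletin
WINDOW = timedelta(seconds=60)   # assumed correlation window

# Constructed sample data. FTP lines are modelled on a vsftpd-style protocol
# log; firewall records use an assumed "ISO-time source-ip dest-port" layout.
FTP_LOG = '''\
Mon Jul  4 10:15:02 2011 [pid 2311] FTP command: Client "192.0.2.10", "USER :)guest"
Mon Jul  4 10:16:40 2011 [pid 2315] FTP command: Client "192.0.2.77", "USER alice"
Mon Jul  4 11:02:09 2011 [pid 2400] FTP command: Client "203.0.113.5", "USER :)"
'''
FW_LOG = '''\
2011-07-04T10:15:05 192.0.2.10 6200
2011-07-04T10:20:00 192.0.2.77 6200
2011-07-04T11:30:00 203.0.113.5 6200
'''

FTP_RE = re.compile(
    r'^(.+?) \[pid \d+\] FTP command: Client "([^"]+)", "USER ([^"]*)"')

def find_backdoor_triggers(ftp_log, fw_log):
    """Return one finding per USER command carrying the ":)" marker."""
    conns = []
    for line in fw_log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2].isdigit() and int(parts[2]) == BACKDOOR_PORT:
            conns.append((datetime.fromisoformat(parts[0]), parts[1]))
    findings = []
    for line in ftp_log.splitlines():
        m = FTP_RE.match(line)
        # Match the marker anywhere in the name: a deliberately broader test
        # than the prefix case the bulletin describes.
        if not m or ":)" not in m.group(3):
            continue
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        client = m.group(2)
        # Did the same client reach 6200/tcp shortly after the login attempt?
        shell = any(src == client and timedelta(0) <= t - when <= WINDOW
                    for t, src in conns)
        findings.append({"client": client, "user": m.group(3),
                         "time": when.isoformat(), "shell_port_contact": shell})
    return findings

if __name__ == "__main__":
    for finding in find_backdoor_triggers(FTP_LOG, FW_LOG):
        print(finding)
```

A finding with `shell_port_contact` set to true indicates the login marker was followed by traffic to the backdoor port and should be handled as a likely compromise; a marker without port contact is still worth investigating.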

This threat note affects software or systems such as vsftpd.

Our Vigil@nce team determined that the severity of this weakness alert is important.

The trust level is "confirmed by the editor", and the origin of the attack is an internet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with beginner-level skills can exploit this weakness.

Solutions for this threat 

vsftpd: version 2.3.4 dated after the 3rd of July 2011.
If vsftpd 2.3.4 was downloaded between the 30th of June 2011 and the 3rd of July 2011, the new version must be downloaded:
  https://security.appspot.com/downloads/vsftpd-2.3.4.tar.gz
  https://security.appspot.com/downloads/vsftpd-2.3.4.tar.gz.asc
