Description

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.

PUBLISHED Reserved 2025-08-19 | Published 2025-08-20 | Updated 2025-08-22 | Assigner VulnCheck




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-912 Hidden Functionality

Product status

Default status
unaffected

1.3.3c
affected

References

web.archive.org/web/20111107212129/http://rsync.proftpd.org/ vendor-advisory patch

raw.githubusercontent.com/...ix/ftp/proftpd_133c_backdoor.rb exploit

www.exploit-db.com/exploits/15662 exploit

www.exploit-db.com/exploits/16921 exploit

advisories.checkpoint.com/...public/2011/cpai-2010-151.html/ third-party-advisory

github.com/proftpd/proftpd product

www.proftpd.org/ product

www.vulncheck.com/...ries/proftpd-backdoor-command-execution third-party-advisory

cve.org (CVE-2010-20103)

nvd.nist.gov (CVE-2010-20103)
