DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 3rd December 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,116
Thanked 182 Times in 149 Posts
Default Back door in ProFTPD FTP server

From http://www.h-online.com/security/new...r-1146592.html

Quote:
Unknown attackers penetrated the server hosting the open source ProFTPD FTP server project and concealed a back door in the source code. The back door provides the attackers with complete access to systems on which the modified version of the server has been installed.

On installation, the modified version informs the group behind the back door by contacting an IP address in the Saudi Arabia area. Entering the command 'HELP ACIDBITCHEZ' results in the modified server displaying a root shell.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 4th December 2010
comet--berkeley comet--berkeley is offline
Old programmer/hacker
 
Join Date: Apr 2009
Posts: 85
Thanked 1 Time in 1 Post
Smile Hackers poison well of open-source FTP app

This was also reported on the UK Register

http://www.theregister.co.uk/2010/12...pd_backdoored/

Here is a quote from the article:

John Morrissey, a member of the ProFTPD core team, said in an email sent Thursday afternoon that members "currently believe the vulnerability used to gain access to ftp.proftpd.org was previously announced and fixed in ProFTPD, but was unpatched on the system in question."
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Other Security update for ProFTPD FTP server J65nko News 0 3rd November 2010 05:55 PM
We're back! rpindy Feedback and Suggestions 4 5th July 2010 09:09 AM
proftpd start at boot wont work jjjustjjjay OpenBSD General 9 28th February 2010 12:40 AM
I'm back too :) ai-danno Off-Topic 10 22nd January 2010 02:42 AM
proftpd and ppp modem mtx General software and network 3 11th June 2008 11:33 AM


All times are GMT. The time now is 08:45 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick