CVE-2010-20103

Опубликовано: 20 авг. 2025

Источник: nvd

CVSS3: 9.8

EPSS Высокий

Описание

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.

Ссылки

http://www.proftpd.org/
Product
https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2010-151.html/
Third Party Advisory
https://github.com/proftpd/proftpd
Product
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb
Exploit
Third Party Advisory
https://web.archive.org/web/20111107212129/http://rsync.proftpd.org/
Release Notes
https://www.exploit-db.com/exploits/15662
Exploit
VDB Entry
https://www.exploit-db.com/exploits/16921
Exploit
VDB Entry
https://www.vulncheck.com/advisories/proftpd-backdoor-command-execution
Third Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/15662
Exploit
VDB Entry
https://www.exploit-db.com/exploits/16921
Exploit
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:proftpd:proftpd:1.3.3:c:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.8304

Высокий

9.8 Critical

CVSS3

Дефекты

CWE-912

Связанные уязвимости

GHSA-xm7r-423x-5463