CVE-2010-20103
CRITICALDescription
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| proftpd | proftpd |
References
Exploits
Other References
Frequently Asked Questions
What is CVE-2010-20103? +
How severe is CVE-2010-20103? +
What products are affected by CVE-2010-20103? +
How do I check if I'm vulnerable to CVE-2010-20103? +
Related Vulnerabilities
Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized …
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not …
The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, …
Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located …
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 …
A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets …