vsftpd
vsftpd official distribution site compromised distributing backdoor
The FTP server hosting the official vsftpd source code tarballs was compromised. For a brief period, the download for vsftpd version 2.3.4 was replaced with a version containing a backdoor. This backdoor opened a listening shell on TCP port 6200 when a username ending in ':)' was used to log in.
- Date
- 2011-07-03
- Category
- Open Source
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Backdoor
- Cause
- Compromised Infrastructure
What Was Affected
Package
vsftpd
LanguageC
ComponentDaemon
Artifact typesource archive
Domain typeproject download host
Domain
security.appspot.com
Compromised Versions
- 2.3.4
Incident Context
- Motive
- Unauthorized Access/Control
- Attribution
- Individual Hacker
- Observed Duration
- 0 days
Evidence
Compromised Artifacts
- vsftpd.beasts.orgusers/cevans/vsftpd-2.3.4.tar.gz
- security.appspot.com/downloads/vsftpd-2.3.4.tar.gz
Current Artifacts and Analysis
Indicators and Changes
Hashes
md5:a2bfd376c14ec3a83553c0c1aac0d1ffsha1:26043b532863a0b354d0b7937ad7fed75c1b0a32
External References
Source Data
Source record: oss/vsftpd/meta.yaml