CVE Catalog

CVE-2010-20103

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
4.75%

91th percentile - higher than 91% of all known CVEs

Summary

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that allows remote, unauthenticated attackers to execute arbitrary shell commands with root privileges.

Risk Assessment

An unauthenticated attacker can gain full control over the FTP server, leading to complete system compromise and potential access to sensitive data.

Recommendation

Immediately upgrade ProFTPD to version 1.3.3d or later. Verify the integrity of downloaded source packages using checksums and GPG signatures.

Original NVD description (English source)

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS