CVE-2010-20103
CriticalCVSS 9.8Exploitation Probability (EPSS)
Very high risk91th percentile - higher than 91% of all known CVEs
Summary
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that allows remote, unauthenticated attackers to execute arbitrary shell commands with root privileges.
Risk Assessment
An unauthenticated attacker can gain full control over the FTP server, leading to complete system compromise and potential access to sensitive data.
Recommendation
Immediately upgrade ProFTPD to version 1.3.3d or later. Verify the integrity of downloaded source packages using checksums and GPG signatures.
Original NVD description (English source)
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.

