This script is Copyright (C) 2010-2011 Tenable Network Security, Inc.
The FTP server contains a backdoor allowing execution of arbitrary
The remote host is using ProFTPD, a free FTP server for Unix and
The version of ProFTPD installed on the remote host has been compiled
with a backdoor in 'src/help.c', apparently related to a compromise of
the main distribution server for the ProFTPD project on the 28th of
November 2010 around 20:00 UTC and not addressed until the 2nd of
By sending a special HELP command, an unauthenticated, remote attacker
can gain a shell and execute arbitrary commands with system
Note that the compromised distribution file also contained code that
ran as part of the initial configuration step and sent a special HTTP
request to a server in Saudi Arabia. If this install was built from
source, you should assume that the author of the backdoor is already
aware of it.
See also :
Reinstall the host from known, good sources.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Nessus Plugin ID: 50989 ()
Bugtraq ID: 45150
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.