FreeBSD : proftpd -- Compromised source packages backdoor (ed7fa1b4-ff59-11df-9759-080027284eaa)

high Nessus Plugin ID 50980

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The ProFTPD Project team reports :

The security issue is caused due to the distribution of compromised ProFTPD 1.3.3c source code packages via the project's main FTP server and all of the mirror servers, which contain a backdoor allowing remote root access.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?74de525d

http://www.nessus.org/u?588ee1df

Plugin Details

Severity: High

ID: 50980

File Name: freebsd_pkg_ed7fa1b4ff5911df9759080027284eaa.nasl

Version: 1.8

Type: local

Published: 12/6/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:proftpd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/4/2010

Vulnerability Publication Date: 11/28/2010

Reference Information

Secunia: 42449