vsftpd Smiley Face Backdoor
Critical Nessus Plugin ID 55523
SynopsisThe remote FTP server contains a backdoor, allowing execution of arbitrary code.
DescriptionThe version of vsftpd running on the remote host has been compiled with a backdoor. Attempting to login with a username containing :) (a smiley face) triggers the backdoor, which results in a shell listening on TCP port 6200. The shell stops listening after a client connects to and disconnects from it.
An unauthenticated, remote attacker could exploit this to execute arbitrary code as root.
SolutionValidate and recompile a legitimate copy of the source code.