CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 2nd, 2010

ProFTPD Distribution Server Compromised For 3 Days, Sources Backdoored With Root Shell

Unknown attackers managed to compromise the main distribution server of the ProFTPD Project and rigged the source code with a root shell backdoor. ProFTPD is a very popular open source FTP daemon (server) capable of running on most UNIX-like systems including Linux, BSD, Mac OS X and Solaris.

The software is distributed as source code from ftp.proftpd.org and other secondary distribution servers that mirror its content.

According to an announcement on the project’s website, the intrusion on ftp.proftpd.org happened sometime on November 28, but it wasn’t detected until today.

“All users who run versions of ProFTPD which have been downloaded and compiled in this time window are strongly advised to check their systems for security compromises and install unmodified versions of ProFTPD,” the project’s administrators write.

In an email to the proftpd-user mailing list, TJ Saunders, the ProFTPD maintainer, notes that attackers most likely exploited an unpatched security flaw in the FTP software to get in.

This is an interesting theory, given that ftp.proftpd.org has since been restored but no alert about a critical zero-day vulnerability has been issued. Notable public FTP servers that use the ProFTPD software include ftp.apple.com, ftp.openssl.org and ftp.rsa.com.

With the newly gained access, the hackers modified the source code of ProFTPD 1.3.3c to include a backdoor that would allow them to obtain root shells on systems running the compromised version.

According to French vulnerability research company VUPEN Security, the backdoor can be activated by sending the command “HELP ACIDBITCHEZ” to the FTP server; no authentication is necessary.

“The unauthorized modification of the source code was noticed by Daniel Austin and relayed to the ProFTPD project by Jeroen Geilman on Wednesday, December 1 and fixed shortly afterwards,” Saunders notes.
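For administrators following the project's advice to check their systems, the Python script below is an added example, not code from the ProFTPD project or from this article. It scans a downloaded source tarball, an unpacked source tree or an install directory for the trigger string quoted above; the function names are illustrative, and it assumes the string is stored unobfuscated in the file.

```python
import os
import sys
import tarfile

# Trigger string reported by VUPEN, as quoted in the article.
INDICATOR = b"ACIDBITCHEZ"
CHUNK = 1 << 20  # read 1 MiB at a time so large binaries are not loaded whole


def stream_has_indicator(fh, needle=INDICATOR):
    """Return True if needle occurs in a binary stream, even across chunk edges."""
    tail = b""
    while True:
        block = fh.read(CHUNK)
        if not block:
            return False
        if needle in tail + block:
            return True
        tail = (tail + block)[-(len(needle) - 1):]  # overlap for split matches


def scan_tarball(source):
    """Scan regular files inside a .tar/.tar.gz/.tar.bz2 without extracting it."""
    key = "name" if isinstance(source, (str, os.PathLike)) else "fileobj"
    hits = []
    with tarfile.open(mode="r:*", **{key: source}) as tar:
        for member in tar:
            if member.isfile() and stream_has_indicator(tar.extractfile(member)):
                hits.append(member.name)
    return hits


def scan_tree(root):
    """Scan an unpacked source tree or install prefix, including built binaries."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                with open(full, "rb") as fh:
                    if stream_has_indicator(fh):
                        hits.append(full)
    return hits


if __name__ == "__main__":
    for target in sys.argv[1:]:
        found = scan_tree(target) if os.path.isdir(target) else scan_tarball(target)
        print(target, "SUSPECT" if found else "no indicator found", *found)
```

A hit means the copy matches the backdoor described here; the absence of a hit does not by itself prove the copy is unmodified. The script contains the string itself, so keep it outside any tree being scanned.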

Credit: Softpedia.com News
