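A back door was recently found planted in the code of ProFTPD, the popular open-source FTP server. Once a ProFTPD server version containing the back door has been installed, the attackers can gain control of the system; the attackers' IP address is in the Saudi Arabia region. In this version, entering the command "HELP ACIDBITCHEZ" produces a root shell. The attackers exploited a 0-day vulnerability that had not yet been fixed. The affected version is ProFTPD 1.3.3c as downloaded from the official mirrors from November 28 to the 2nd.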
The H has an article about a back door that was recently put into the ProFTPD server code. "The back door provides the attackers with complete access to systems on which the modified version of the server has been installed. On installation, the modified version informs the group behind the back door by contacting an IP address in the Saudi Arabia area. Entering the command 'HELP ACIDBITCHEZ' results in the modified server displaying a root shell. [...] Ironically, to place their back door, the attackers used a zero day vulnerability in ProFTPD itself, which the developers were using to make the source code available to users." (Thanks to Jan-Frode Myklebust who gave us a heads-up about this issue).