Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - ProFTPD distribution servers compromised InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

ProFTPD distribution servers compromised

Published: 2010-12-02
Last Updated: 2010-12-02 14:36:49 UTC
by Kevin Johnson (Version: 1)
2 comment(s)

 It was announced that the source for ProFTPD was compromised and a back door was inserted.  The attacker compromised the main site on November 28, 2010.  This site is also the main rsync server, which means that anybody who has downloaded ProFTPD between then and December 1, 2010 is potentially running a version with the backdoor code.  According to reports, this compromise was performed against an unpatched vulnerability within ProFTPD itself, so even if you did not install the backdoored version, you may be running vulnerable software.


More information is available at here

Kevin Johnson

Secure Ideas

2 comment(s)
Diary Archives