Vulnerability Name:

CVE-2011-2523 (CCN-68366)

Assigned:2011-07-04
Published:2011-07-04
Updated:2021-04-12
Summary:vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-78
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-2523

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/162145/vsftpd-2.3.4-Backdoor-Command-Execution.html

Source: CCN
Type: SA45133
vsftpd Compromised Source Packages Backdoor Security Issue

Source: CCN
Type: vsftpd Web page
vsftpd - Secure, fast FTP server for UNIX-like systems

Source: CCN
Type: OSVDB ID: 73573
vsftpd on vsftpd.beasts.org Trojaned Distribution

Source: CCN
Type: BID-48539
vsftpd Compromised Source Packages Backdoor Vulnerability

Source: MISC
Type: Third Party Advisory
https://access.redhat.com/security/cve/cve-2011-2523

Source: XF
Type: UNKNOWN
vsftpd-package-backdoor(68366)

Source: CCN
Type: NMAP Web site
File ftp-vsftpd-backdoor

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
https://packetstormsecurity.com/files/102745/VSFTPD-2.3.4-Backdoor-Command-Execution.html

Source: CCN
Type: Packet Storm Security [04-12-2021]
vsftpd 2.3.4 Backdoor Command Execution

Source: MISC
Type: Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-2523

Source: MISC
Type: Third Party Advisory
https://vigilance.fr/vulnerability/vsftpd-backdoor-in-version-2-3-4-10805

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-05-2011]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-12-2021]

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20110711 Re: vsftpd download backdoored

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vsftpd_project:vsftpd:2.3.4:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:beasts:vsftpd:2.3.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    vsftpd_project vsftpd 2.3.4
    debian debian linux 8.0
    debian debian linux 9.0
    debian debian linux 10.0
    beasts vsftpd 2.3.4