CVE-2010-20103

Name of the Vulnerable Software and Affected Versions ProFTPD version 1.3.3c

Description A malicious backdoor was integrated into the official ProFTPD 1.3.3c source tarball, distributed between November 28 and December 2, 2010. This backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any operating system command on the FTP server host.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.