Vulnerability in Vsftpd
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
EPSS: 0.943 (99.9th percentile) — read the EPSS interpretation.
Affected products
- Vsftpd — versions 2.3.4 downloaded between 20110630 and 20110703
Public proof-of-concept exploits
References
- security-tracker.debian.org/tracker/CVE-2011-2523 (x_refsource_MISC)
- access.redhat.com/security/cve/cve-2011-2523 (x_refsource_MISC)
- [oss-security] 20110711 Re: vsftpd download backdoored (mailing-list, x_refsource_MLIST)
- vigilance.fr/vulnerability/vsftpd-backdoor-in-version-2-3-4-10805 (x_refsource_MISC)
- packetstormsecurity.com/files/102745/VSFTPD-2.3.4-Backdoor-Command-Execution.ht… (x_refsource_MISC)
- packetstormsecurity.com/files/162145/vsftpd-2.3.4-Backdoor-Command-Execution.ht… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2011-2523?
- CVE-2011-2523 is a vulnerability in Vsftpd. Published 2019-11-27.
- Is CVE-2011-2523 known to be exploited?
- 325 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.