ProFTPD 1.3.3c Backdoor Command Execution
Summary
| CVE | CVE-2010-20103 |
|---|---|
| State | PUBLISHED |
| Assigner | VulnCheck |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-08-20 16:15:34 UTC |
| Updated | 2026-07-15 02:16:56 UTC |
| Description | A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host. |
Risk And Classification
Primary CVSS: v4.0 9.3 CRITICAL from [email protected]
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.047530000 probability, percentile 0.908760000 (date 2026-07-17)
Problem Types: CWE-912 | CWE-912 CWE-912 Hidden Functionality
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| 3.1 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowAttack Requirements
NonePrivileges Required
NoneUser Interaction
NoneConfidentiality
HighIntegrity
HighAvailability
HighSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | ProFTPD Project | ProFTPD Professional FTP Daemon | affected 1.3.3c | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/proftpd/proftpd | [email protected] | github.com | Product |
| www.exploit-db.com/exploits/16921 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.exploit-db.com | Exploit, VDB Entry |
| www.proftpd.org | [email protected] | www.proftpd.org | Product |
| www.exploit-db.com/exploits/15662 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.exploit-db.com | Exploit, VDB Entry |
| web.archive.org/web/20111107212129/http://rsync.proftpd.org | [email protected] | web.archive.org | Release Notes |
| advisories.checkpoint.com/defense/advisories/public/2011/cpai-2010-151.html | [email protected] | advisories.checkpoint.com | Third Party Advisory |
| www.vulncheck.com/advisories/proftpd-backdoor-command-execution | [email protected] | www.vulncheck.com | Third Party Advisory |
| raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/ftp/... | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | raw.githubusercontent.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.