vsftpd 2.3.4 backdoor exploit (CVE-2011-2523) was a significant supply chain attack where a malicious version of the "Very Secure FTP Daemon" was briefly hosted on the official master site in 2011. The Exploit: How it Works
#!/usr/bin/env python3 import socket import sys vsftpd 208 exploit github fix
The vulnerability is triggered when a user logs in with a username that ends in a , such as admin:) . This specific character sequence triggers a malicious function, vsf_sysutil_extra() , which opens a listener on TCP port 6200 with root privileges. Attackers can then connect to this port using tools like Netcat to execute arbitrary shell commands. How to Fix It vsftpd 2