Skip to main content

ProFTPD suffers back-door attack

The maintainers of the ProFTP open-source FTP server package have issued a warning to users of an attack on their site that left the source files infected with a back-door Trojan.

The attack, announced late yesterday on the ProFTPD-User mailing list, is thought to have occurred on the 28th of November by an unknown assailant who breached security in the main source repository's FTP software to replace the ProFTPD source code files with a copy containing a malicious back-door.

The affected files were distributed both on the official ProFTPD project download server and the distribution mirror service - potentially meaning that between the attack on the 28th of November and the flaw being discovered and patched late on the 1st of December, all source packages downloaded will have contained the back-door code.

It's a major security crisis for the project, with the Trojan allowing the unknown attacker full access to systems with the affected package installed - executing remote code as the root user account.

The security flaw that lead to the intrusion has now been resolved, and the source packages replaced with clean backups - but all users who downloaded ProFTPD source code between the 28th and today are advised to re-download the code and recompile as a matter of urgency.