The H reports
that the vsftpd download site has been compromised and version 2.3.4
contains a back door. "The bad tarball included a backdoor in the
code which would respond to a user logging in with a user name ':)' by
listening on port 6200 for a connection and launching a shell when someone
connects." Anybody who downloaded and installed that version should
be looking to replace it quickly.
(Log in to post comments)