suse · CVE-2010-20103

Quick triage

Priority: critical Published: 2025-11-05 05:52:32 UTC Updated: 2025-11-05 05:52:32 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2010-20103 severity critical: SUSE including 9 source package names (proftpd, proftpd-devel, …), 27 product×package rows across 3 product lines (SUSE Linux Enterprise Module for Server Applications 15 SP6, SUSE Linux Enterprise Module for Server Applications 15 SP7, openSUSE Leap 15.6): Known Not Affected 27.

Description:

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.

cvelogic Threat Intelligence