Anonymous FTP Writable Directory

1997-10-08T00:00:00
ID OSVDB:76
Type osvdb
Reporter OSVDB
Modified 1997-10-08T00:00:00

Description

Vulnerability Description

This host is running an FTP server that allows anonymous users to write to the root directory. This allows an attacker to upload files to this host to use in combination with another attack, or to use as a software distribution point.

Technical Description

This host is running an anonymous FTP server that grants users write access.

Solution Description

If the FTP server is not being used on this system, it should be disabled. If anonymous access is required, it should be restricted to read only access.

Short Description

This host is running an FTP server that allows anonymous users to write to the root directory. This allows an attacker to upload files to this host to use in combination with another attack, or to use as a software distribution point.

References:

Nessus Plugin ID:10332 CVE-1999-0497 CVE-1999-0527 CERT: CA-1993-10