FTP Writable Directories

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.

Synopsis :

The remote FTP server contains world-writable directories.

Description :

By crawling through the remote FTP server, Nessus discovered several
directories were marked as being world-writable.

This could have several negative impacts :

* Temporary file uploads are sometimes immediately available to
all anonymous users, allowing the FTP server to be used as
a 'drop' point. This may facilitate trading copyrighted,
pornographic, or questionable material.

* A user may be able to upload large files that consume disk
space, resulting in a denial of service condition.

* A user can upload a malicious program. If an administrator
routinely checks the 'incoming' directory, they may load a
document or run a program that exploits a vulnerability
in client software.

Solution :

Configure the remote FTP directories so that they are not world-

Risk factor :

Medium / CVSS Base Score : 6.4

Family: FTP

Nessus Plugin ID: 19782 (ftp_writeable_directories.nasl)

Bugtraq ID: