FTP Writable Directories

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FTP server contains world-writable directories.

Description :

By crawling through the remote FTP server, Nessus discovered that
several directories are marked as world-writable.

This could have several negative impacts :

* Temporary file uploads are sometimes immediately available to
all anonymous users, allowing the FTP server to be used as
a 'drop' point. This may facilitate trading copyrighted,
pornographic or questionable material.

* A user may be able to upload large files that consume disk
space, resulting in a denial of service condition.

* A user can upload a malicious program. If an administrator
routinely checks the 'incoming' directory, they may load a
document or run a program that exploits a vulnerability
in client software.

Solution :

Configure the remote FTP directories so that they are not
world-writable.
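
One way to check and apply this on the server side, as an added example
(not part of the Nessus plugin). It assumes a Unix host where the FTP
daemon serves a local directory tree and where "world-writable" means the
other-write permission bit is set; the function names and the sample
layout are constructed for illustration.

```python
import os
import stat
import sys
import tempfile


def find_world_writable_dirs(root):
    """Return sorted (path, octal_mode, sticky) for directories with o+w set."""
    findings = []
    # followlinks=False: never walk out of the FTP root through a symlink.
    for dirpath, _dirs, _files in os.walk(root, followlinks=False):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if mode & stat.S_IWOTH:
            findings.append((dirpath, oct(mode), bool(mode & stat.S_ISVTX)))
    return sorted(findings)


def remove_world_write(paths):
    """Clear only the other-write bit; owner/group bits stay as they were."""
    for path in paths:
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~stat.S_IWOTH)


def demo():
    """Audit and fix a constructed tree (sample layout, not a real server)."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"pub": 0o755, "incoming": 0o777, "incoming/tmp": 0o1777}
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod explicitly so umask cannot interfere
        before = [(os.path.relpath(p, root), m, s)
                  for p, m, s in find_world_writable_dirs(root)]
        remove_world_write(os.path.join(root, rel) for rel, _, _ in before)
        after = find_world_writable_dirs(root)
        return before, after


if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real tree: pass the FTP root as argument
        for path, mode, sticky in find_world_writable_dirs(sys.argv[1]):
            print(f"{mode} sticky={sticky} {path}")
    else:
        print(demo())
```

The sticky flag is reported because a sticky directory still accepts
uploads from any user; it only restricts who may delete or rename entries.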

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)

Family: FTP

Nessus Plugin ID: 19782 (ftp_writeable_directories.nasl)

Bugtraq ID:

CVE ID: