FTP Writable Directories

medium Nessus Plugin ID 19782

Synopsis

The remote FTP server contains world-writable directories.

Description

By crawling through the remote FTP server, Nessus discovered several directories were marked as being world-writable.

This could have several negative impacts:
- Temporary file uploads are sometimes immediately available to all anonymous users, allowing the FTP server to be used as a 'drop' point. This may facilitate trading copyrighted, pornographic, or questionable material.

- A user may be able to upload large files that consume disk space, resulting in a denial of service condition.

- A user can upload a malicious program. If an administrator routinely checks the 'incoming' directory, they may load a document or run a program that exploits a vulnerability in client software.

Solution

Configure the remote FTP directories so that they are not world-writable.
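
One way to apply this from the server side, as an added example that is not part of the plugin or Tenable's code: list directories under the FTP root that carry the other-write bit, fail an audit if any exist, and clear the bit. It checks filesystem modes only; the function names and the sample tree are constructed for illustration, and the real FTP root path is whatever your server uses.

```shell
#!/bin/sh
# Added example: run on the FTP server host against its FTP root directory.

# List directories under $1 whose mode has the other-write bit (o+w) set.
list_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print
}

# Audit: print findings and return 1 if any exist, so cron or CI can alert.
audit_ftp_root() {
    found=$(list_world_writable_dirs "$1")
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/world-writable: /'
        return 1
    fi
    return 0
}

# Remediate: clear o+w on each finding and print the directories changed.
fix_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -exec chmod o-w {} \; -print
}

# Constructed sample tree standing in for an FTP root (paths are made up).
make_sample_root() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pub" "$root/incoming/tmp"
    chmod 755 "$root" "$root/pub"
    chmod 777 "$root/incoming"
    # The sticky bit limits deletion by others, but the directory is
    # still world-writable and is reported like any other.
    chmod 1777 "$root/incoming/tmp"
    printf '%s\n' "$root"
}

# Demo on the constructed tree: audit, fix, audit again, clean up.
sample=$(make_sample_root)
audit_ftp_root "$sample" || echo "findings present, removing o+w"
fix_world_writable_dirs "$sample" >/dev/null
audit_ftp_root "$sample" && echo "no world-writable directories remain"
rm -rf "$sample"
```

After remediation, an upload directory that must stay writable can be granted to a specific owner or group instead of to "other".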

Plugin Details

Severity: Medium

ID: 19782

File Name: ftp_writeable_directories.nasl

Version: 1.25

Type: remote

Family: FTP

Published: 10/4/2005

Updated: 2/11/2022

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on manual analysis

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 10/8/1997