FTP 'CWD ~root' Command Privilege Escalation
Critical Nessus Plugin ID 10083
Synopsis
The remote FTP server is affected by a command privilege escalation vulnerability.

Description
The remote FTP server is affected by a flaw that may allow a remote attacker to gain unauthorized privileges. An attacker can exploit this flaw by issuing a specially crafted request to the 'CWD ~root' command.

Solution
Disallow FTP login for root, and make sure root's home directory is not world readable.
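
One way to audit the two conditions named in the Solution on a host, as an added example that is not part of the plugin or the original page. It assumes the FTP server reads its list of denied users from /etc/ftpusers and that root's home is /root; both paths vary by server and system and can be passed as arguments.

```sh
#!/bin/sh
# Added example: checks that root is denied FTP login and that root's home
# directory is not world readable. Default paths below are assumptions.

# root_ftp_denied FILE: 0 if FILE lists "root", 1 if not, 2 if unreadable.
root_ftp_denied() {
    deny_file=$1
    [ -r "$deny_file" ] || return 2
    # Drop comments and whitespace, then require an exact "root" line so
    # that "# root" or "rooty" do not count as a match.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$deny_file" | grep -qx 'root'
}

# home_not_world_readable DIR: 0 if "other" has no read bit, 1 if it has,
# 2 if DIR is not a directory.
home_not_world_readable() {
    home_dir=$1
    [ -d "$home_dir" ] || return 2
    # Columns 8-10 of the mode string are the "other" triplet, e.g. "r-x".
    other=$(ls -ld "$home_dir" | cut -c8-10)
    case $other in
        r*) return 1 ;;
        *)  return 0 ;;
    esac
}

# audit_ftp_root [DENY_FILE] [HOME_DIR]: prints one line per check and
# returns 0 only when both checks pass.
audit_ftp_root() {
    deny_file=${1:-/etc/ftpusers}   # assumed default deny list
    home_dir=${2:-/root}            # assumed default home of root
    status=0
    if root_ftp_denied "$deny_file"; then
        echo "OK   root is listed in $deny_file"
    else
        echo "FAIL root is not listed in $deny_file (or file unreadable)"
        status=1
    fi
    if home_not_world_readable "$home_dir"; then
        echo "OK   $home_dir is not world readable"
    else
        echo "FAIL $home_dir is world readable (or not a directory)"
        status=1
    fi
    return $status
}
```

Source the file and call `audit_ftp_root`, passing the deny-list path your FTP server actually uses if it is not /etc/ftpusers.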