Anonymous FTP Writable root Directory

Critical Nessus Plugin ID 10088


The remote FTP server allows write access to the root directory.


It is possible to write on the root directory of the remote anonymous FTP server. This allows an attacker to upload arbitrary files which can be used in other attacks, or to turn the FTP server into a software distribution point.


Restrict write access to the root directory.

Plugin Details

Severity: Critical

ID: 10088

File Name: ftp_root.nasl

Version: $Revision: 1.33 $

Type: remote

Family: FTP

Published: 1999/06/22

Modified: 2015/06/09

Dependencies: 10079, 10092

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: ftp/login

Vulnerability Publication Date: 1997/10/08

Reference Information

CVE: CVE-1999-0527


CERT-CC: CA-1993-10