FTP Writable Directories

Medium Nessus Plugin ID 19782


The remote FTP server contains world-writable directories.


By crawling through the remote FTP server, Nessus discovered several directories were marked as being world-writable.

This could have several negative impacts :

* Temporary file uploads are sometimes immediately available to all anonymous users, allowing the FTP server to be used as a 'drop' point. This may facilitate trading copyrighted, pornographic, or questionable material.

* A user may be able to upload large files that consume disk space, resulting in a denial of service condition.

* A user can upload a malicious program. If an administrator routinely checks the 'incoming' directory, they may load a document or run a program that exploits a vulnerability in client software.


Configure the remote FTP directories so that they are not world- writable.

Plugin Details

Severity: Medium

ID: 19782

File Name: ftp_writeable_directories.nasl

Version: $Revision: 1.20 $

Type: remote

Family: FTP

Published: 2005/10/04

Modified: 2014/12/23

Dependencies: 10092, 10079

Risk Information

Risk Factor: Medium


Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 1997/10/08

Reference Information