FTP Writable Directories
Medium Nessus Plugin ID 19782
SynopsisThe remote FTP server contains world-writable directories.
DescriptionBy crawling through the remote FTP server, Nessus discovered several directories were marked as being world-writable.
This could have several negative impacts :
* Temporary file uploads are sometimes immediately available to all anonymous users, allowing the FTP server to be used as a 'drop' point. This may facilitate trading copyrighted, pornographic, or questionable material.
* A user may be able to upload large files that consume disk space, resulting in a denial of service condition.
* A user can upload a malicious program. If an administrator routinely checks the 'incoming' directory, they may load a document or run a program that exploits a vulnerability in client software.
SolutionConfigure the remote FTP directories so that they are not world- writable.