Anonymous FTP Writable root Directory

critical Nessus Plugin ID 10088

Synopsis

The remote FTP server allows write access to the root directory.

Description

It is possible to write on the root directory of the remote anonymous FTP server. This allows an attacker to upload arbitrary files which can be used in other attacks, or to turn the FTP server into a software distribution point.

Solution

Restrict write access to the root directory.

Plugin Details

Severity: Critical

ID: 10088

File Name: ftp_root.nasl

Version: 1.37

Type: remote

Family: FTP

Published: 6/22/1999

Updated: 10/10/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-1999-0527

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

Required KB Items: ftp/login

Vulnerability Publication Date: 10/8/1997

Reference Information

CVE: CVE-1999-0527

CERT-CC: CA-1993-10