Synopsis
The remote FTP server contains world-writable directories.
Description
By crawling through the remote FTP server, Nessus discovered several directories were marked as being world-writable.
This could have several negative impacts:
- Temporary file uploads are sometimes immediately available to all anonymous users, allowing the FTP server to be used as a 'drop' point. This may facilitate trading copyrighted, pornographic, or questionable material.
- A user may be able to upload large files that consume disk space, resulting in a denial of service condition.
- A user can upload a malicious program. If an administrator routinely checks the 'incoming' directory, they may load a document or run a program that exploits a vulnerability in client software.
Solution
Configure the remote FTP directories so that they are not world-writable.
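One way to check and apply this on the server itself, as an added example (not code from the Nessus plugin): it assumes the FTP root is a local path on a Unix-like host whose mode bits govern FTP access, and the function names and the constructed sample tree are hypothetical.

```python
import os
import stat
import tempfile


def find_world_writable_dirs(ftp_root):
    """Return sorted (path, mode string, sticky?) for each directory with o+w set."""
    findings = []
    # followlinks=False: never descend through symlinks out of the FTP root.
    for dirpath, _dirnames, _files in os.walk(ftp_root, followlinks=False):
        mode = os.lstat(dirpath).st_mode
        if mode & stat.S_IWOTH:
            sticky = bool(mode & stat.S_ISVTX)
            findings.append((dirpath, stat.filemode(mode), sticky))
    return sorted(findings)


def remove_world_write(path):
    """Clear only the o+w bit; owner, group, setgid and sticky bits are kept."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~stat.S_IWOTH)


def demo():
    """Build a constructed FTP tree, audit it, fix it, and audit again."""
    with tempfile.TemporaryDirectory() as root:
        pub = os.path.join(root, "pub")
        incoming = os.path.join(pub, "incoming")  # constructed: drop directory
        docs = os.path.join(pub, "docs")          # constructed: read-only area
        os.makedirs(incoming)
        os.makedirs(docs)
        os.chmod(pub, 0o755)
        os.chmod(docs, 0o755)
        os.chmod(incoming, 0o777)                 # the condition the plugin reports

        before = find_world_writable_dirs(root)
        for path, _mode, _sticky in before:
            remove_world_write(path)
        after = find_world_writable_dirs(root)

        flagged = [os.path.relpath(p, root) for p, _m, _s in before]
        modes = [m for _p, m, _s in before]
        return flagged, modes, after


if __name__ == "__main__":
    print(demo())
```

Where uploads are genuinely required, the FTP daemon's own upload and anonymous-access settings also need review, since filesystem mode bits are only one of the controls involved.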
Plugin Details
File Name: ftp_writeable_directories.nasl
Supported Sensors: Nessus
Risk Information
CVSS Score Rationale: Score based on manual analysis
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS Score Source: manual
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Information
Excluded KB Items: global_settings/supplied_logins_only
Vulnerability Publication Date: 10/8/1997