| VID |
14078 |
| Severity |
20 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
The host system's /etc/ftpusers file's permission or owner is unsafe. Ftpusers file inculdes list of users who are restricted to access to the ftp server. If the permission of the file is set unsafely, attacker can control ftp users.
* The vulnerability checks a path of the file specified in the ministry of security and public administration notify in supplement of 2012-54. If the file exists in other route, it might be a false positive.
* Platforms Affected:
UNIX, Linux |
| Recommendation |
Reset permissions of the file lower than 600 as the following
chmod 600 /etc/ftpusers or
chmod 600 /etc/ftpd/ftpusers
if the owner of the file is not root, change the owner
chown root /etc/ftpusers or
chown root /etc/ftpd/ftpusers |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
