| VID |
16004 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The anonymous FTP server has a writable home directory.
It is usually a bad idea to have world writable directories in a public FTP server, since it may allow anyone to use the FTP server as a 'warez' server (this means that the FTP server will be used to exchange copyrighted software between software pirates). It may also allow anyone to make a denial of service by filling up the hard disk.
And If the anonymous FTP server is an UNIX machine, an attacker can compromise the FTP server using r-commands or sendmail by making properly .rhosts and .forward files.
* References:
http://ciac.llnl.gov/ciac/bulletins/d-19.shtml
http://www.iss.net/security_center/static/53.php |
| Recommendation |
Remove root directory write permissions |
| Related URL |
CVE-1999-0527 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
