| Field | Value |
|---|---|
| VID | 16057 |
| Severity | 20 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description | The anonymous FTP server has a '.rhosts' file in its home directory. An attacker may use it to determine the trust relationships between this server and other hosts on the network. In a few cases, a remote attacker can compromise the system if it is misconfigured. |
| References | http://www.cert.org/advisories/CA-1993-10.html |
| Platforms Affected | FTP (any version), Linux (any version), Unix (any version) |
| Recommendation | If the .rhosts file is not there intentionally, remove it. Disable the anonymous FTP service if it is not needed. Otherwise, it should be correctly configured and administered. The anonymous FTP configuration guidelines are available from CERT Advisory CA-1993-10 at http://www.cert.org/advisories/CA-1993-10.html . These guidelines are intended to aid a system administrator in configuring anonymous FTP capabilities so as to minimize unintended use of services or resources. |
| Related URL | CVE-1999-0497 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | 543 (ISS) |