Tutorial - writable FTP home directory

Writable FTP home directory


Summary

FTP home directory is writable for anonymous users.

Impact

Remote command execution, remote file substitution.

The problem

When the FTP home directory of a UNIX host is writable, a remote intruder can upload a .rhosts or .forward file to gain access to the system, or may be able to replace files.

When a PC (DOS or MAC) permits anonymous users write access to its file system, a remote intruder may be able replace arbitrary programs or configuration files, or corrupt the file system by filling it up.

Fix (UNIX)

Other tips (UNIX)