Writable FTP Directory
CAN-1999-0527
Summary
In this situation a directory under the FTP server's anonymous tree is writable by anonymous users. To put this another way,
anyone who logs in as ftp or anonymous, without a password, can create, overwrite and delete files in that directory on the server.
Impact
- Remote command execution
Anonymous users are able to place files on the FTP server, such as a .rhosts
or .forward file in the FTP home directory, which the system later acts on and
which give the intruder a way to run commands on the host.
- Remote file substitution
Anonymous users are able to replace existing files in the FTP
directory, including programs that other people download and run.
Background
The File Transfer Protocol (FTP) allows users to store or retrieve
files on the server from a client workstation. Some FTP servers have
an FTP (or anonymous) account, which allows access by users
who do not have an account on the system. Anonymous access is confined
to the FTP home directory and the tree below it.
The Problem
When the FTP home directory of a UNIX host is writable, a remote
intruder can upload a .rhosts file (which rlogin and rsh trust, letting the
intruder log in as the ftp account) or a .forward file (whose commands the mailer
runs whenever mail for the ftp account is delivered) to gain access to the system,
or may be able to replace files that other users download.
When a PC (DOS or Macintosh) permits anonymous users write access to its file
system, a remote intruder may be able to replace arbitrary programs or
configuration files, or corrupt the file system by filling the directory up.
Resolution
To correct this vulnerability, make sure that the FTP home directory and all system files and
directories below it are owned by root (UNIX) or the Administrator
account (Windows NT). As a rule, no file or directory should be owned by the FTP account,
because the FTP account is exactly the identity an anonymous user runs as.
For both UNIX and Windows NT it is a good practice to make sure that system
files and directories are not writable by anonymous users. If uploads must be accepted,
give them a dedicated incoming directory, owned by root and writable but not readable by
anonymous users (mode 1733 on UNIX), so that uploaded files cannot be listed, retrieved or
deleted by other anonymous users, and never make the FTP home directory itself writable.
When the FTP server is on a UNIX platform, another tip is to change the login shell
of the FTP account to /bin/false and lock its password, so the account cannot be used
to log in by any route other than anonymous FTP.
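The following script is an added example, not part of the original advisory. It audits an anonymous FTP tree for the three conditions described above (entries not owned by root, directories writable by group or others, and a .rhosts or .forward file dropped in the FTP home) and prints, without running, the commands that implement the resolution. It assumes a UNIX host with a find(1) that supports -uid and -maxdepth (GNU and BSD both do), a local account named ftp, and the shadow-utils usermod command; the path /var/ftp in the usage note is only an example.

```shell
#!/bin/sh
# Added example: audit an anonymous FTP home for the Writable FTP Directory problem.
# Not the advisory's own code. Assumes find(1) with -uid/-maxdepth (GNU/BSD).

# audit_ftp_home HOME [UID]
#   Prints one line per finding and returns 1 if there are any, 0 if clean.
#     OWNER  <path>   entry not owned by UID (default 0, i.e. root)
#     WRITE  <path>   directory writable by group or others
#     DROPIN <path>   .rhosts or .forward sitting in the FTP home itself
audit_ftp_home() {
    home=$1
    want_uid=${2:-0}
    findings=$({
        # nothing under the FTP home should belong to anyone but root
        find "$home" ! -uid "$want_uid" -exec printf 'OWNER %s\n' {} \;
        # group (020) or other (002) write bit on a directory lets an anonymous
        # user add, replace or delete entries in it
        find "$home" -type d \( -perm -020 -o -perm -002 \) \
            -exec printf 'WRITE %s\n' {} \;
        # the classic payloads named in the advisory, uploaded into the home dir
        find "$home" -maxdepth 1 \( -name .rhosts -o -name .forward \) \
            -exec printf 'DROPIN %s\n' {} \;
    })
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# fix_commands HOME [INCOMING]
#   Prints (does not execute) the commands that implement the resolution:
#   root-owned tree, no group/other write, ftp account unable to log in, and,
#   optionally, a separate upload directory that is writable but not readable
#   (mode 1733: sticky bit, owner rwx, group and other wx only).
fix_commands() {
    home=$1
    incoming=$2
    printf 'chown -R root:root %s\n' "$home"
    printf 'chmod -R go-w %s\n' "$home"
    printf 'usermod -s /bin/false -L ftp\n'   # assumed: shadow-utils usermod
    if [ -n "$incoming" ]; then
        printf 'chmod 1733 %s\n' "$incoming"
    fi
}

# Usage (as root): audit_ftp_home /var/ftp || fix_commands /var/ftp /var/ftp/incoming
```

Run the audit as root against the real FTP home so that every entry is visible; a non-empty report means anonymous users can already write somewhere they should not. The DROPIN check is deliberately limited to the home directory because that is where rsh and the mailer look for the ftp account's .rhosts and .forward.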
Where can I read more about this?