CCE-90511-7
Platform: cpe:/o:ubuntu:ubuntu_linux:14.10 | Date: (C)2023-07-04 (M)2023-07-04 |
Is there a mission-critical reason for users to upload files via FTP? If not,
edit the vsftpd configuration file to add or correct the following configuration options:
'write_enable=NO'
If FTP uploads are necessary, follow the guidance in the remainder of this section to secure these transactions
as much as possible.
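One way to audit this setting, as an added example that is not part of the CCE entry or of vsftpd itself. The function names are hypothetical, and the script assumes that when an option appears more than once the last occurrence takes effect. Pass it the path of the configuration file, typically /etc/vsftpd.conf on Ubuntu (the entry does not name the path).

```shell
#!/bin/sh
# Added example (not from the CCE entry): audit write_enable in a vsftpd config.

# Print the effective value of a vsftpd option.
# $1 = option, $2 = config path, $3 = value to report when the option is absent.
vsftpd_opt() {
    awk -v opt="$1" -v val="$3" '
        /^#/ { next }                          # comment lines
        {
            sub(/\r$/, "")                     # tolerate CRLF endings
            eq = index($0, "=")
            # vsftpd.conf(5): no spaces are allowed around "=", so match exactly.
            if (eq > 0 && substr($0, 1, eq - 1) == opt)
                val = toupper(substr($0, eq + 1))   # assumption: last entry wins
        }
        END { print val }
    ' "$2"
}

# Return 0 if uploads are disabled, 1 if not, 2 if the file cannot be read.
check_write_disabled() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1"; return 2; }
    # write_enable defaults to NO when absent (vsftpd.conf(5)).
    value=$(vsftpd_opt write_enable "$1" NO)
    # Anything other than a literal NO is reported for manual review.
    if [ "$value" = "NO" ]; then
        echo "PASS: write_enable=NO in $1"
        return 0
    fi
    echo "FAIL: write_enable=$value in $1 (expected NO)"
    return 1
}

# Constructed sample: a commented-out NO followed by an active YES.
demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' 'anonymous_enable=YES' '#write_enable=NO' 'write_enable=YES' > "$tmp"
    check_write_disabled "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# With a path argument, audit that file; with none, only define the functions.
[ $# -eq 0 ] || check_write_disabled "$1"
```

The constructed sample in `demo` shows the case a plain `grep write_enable=NO` would miss: the only NO line is commented out, so the check fails.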
Parameter:
[yes/no]
Technical Mechanism:
Anonymous FTP can be a convenient way to make files available for universal download. However, it is less
common to have a need to allow unauthenticated users to place files on the FTP server. If this must be done, it
is necessary to ensure that files cannot be uploaded and downloaded from the same directory.
| CCSS Severity | CCSS Metrics |
|---|---|
| CCSS Score: 9.1 | Attack Vector: NETWORK |
| Exploit Score: 3.9 | Attack Complexity: LOW |
| Impact Score: 5.2 | Privileges Required: NONE |
| Severity: CRITICAL | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: NONE |
| | Integrity: HIGH |
| | Availability: HIGH |

References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:26001 |