Insecure Permissions in Auto_FTP 0.2 Allows Unauthorized File Transfer and Viewing

Insecure Permissions in Auto_FTP 0.2 Allows Unauthorized File Transfer and Viewing

CVE-1999-1345 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred.

Learn more about our Cis Benchmark Audit For Server Software.