Linux Anonymous FTP Access Enabled - Security Misconfiguration

Vulnerability Information

Vulnerability name: Linux Anonymous FTP Access Enabled - Security Misconfiguration

Vulnerability type: Configuration issue

Severity: High

Description: This issue concerns the anonymous-access configuration of the FTP service on Linux systems. FTP (File Transfer Protocol) is a widely used file-sharing service, common on file servers both inside enterprises and on the Internet. When the anonymous FTP account is enabled, a malicious user can log in anonymously and upload malicious files to writable directories, potentially gaining unauthorized access or executing local exploits.

The technical root cause is a misconfigured FTP service, seen as one of the following: an FTP user account present in /etc/passwd, anonymous_enable=YES set in the vsFTPD configuration file, or a 'UserAlias anonymous ftp' directive found in the ProFTPD configuration file. These misconfigurations expose the system to unauthorized access and potential security threats.

The security risk is high because a malicious user can use anonymous access to upload files and then potentially run local exploits, leading to data leakage, service disruption or other malicious activity. No authentication is required to exploit this issue, and automated tools can scan for and exploit it at scale, so the threat to affected systems is significant.

Product: Linux FTP Services (vsFTPD, ProFTPD)

Source: https://github.com/projectdiscovery/nuclei-templates/blob/dfc176303ffebe3d9f231045fa3abe2cf2ca9874/misconfiguration%2Flinux%2Flinux-anonymous-ftp-disabled.yaml

Type: projectdiscovery/nuclei-templates: GitHub issues

PoC Details


id: linux-anonymous-ftp-disabled

info:
  name: Linux Anonymous FTP Access Enabled - Security Misconfiguration
  author: songyaeji
  severity: high
  description: >
    If the anonymous FTP account is enabled, malicious users may exploit it to log in anonymously
    and write to directories, potentially gaining unauthorized access or executing local exploits
    against the system. This template checks for signs that anonymous FTP is enabled
    via /etc/passwd, vsFTPD, or ProFTPD configuration files.
  reference:
    - https://isms.kisa.or.kr
    - Cloud Vulnerability Assessment Guide(2024) by KISA
  tags: linux,ftp,anonymous,vsftpd,proftpd,misconfiguration,local
  metadata:
    verified: true
    os: linux
    max-request: 1
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
    cvss-score: 8.6
    cwe-id: CWE-200

self-contained: true

code:
  - engine:
      - bash
    source: |
      ftp_user=$(grep -E '^ftp:' /etc/passwd)
      vsftp_enabled=$(grep -i 'anonymous_enable' /etc/vsftpd/vsftpd.conf 2>/dev/null | grep -i yes)
      proftp_alias=$(grep -i 'UserAlias[[:space:]]\+anonymous' /etc/proftpd/proftpd.conf 2>/dev/null)

      if [ -n "$ftp_user" ]; then
        echo "[VULNERABLE] FTP user exists in /etc/passwd"
      fi

      if [ -n "$vsftp_enabled" ]; then
        echo "[VULNERABLE] anonymous_enable=YES is set in vsftpd.conf"
      fi

      if [ -n "$proftp_alias" ]; then
        echo "[VULNERABLE] 'UserAlias anonymous ftp' found in proftpd.conf"
      fi

      if [ -z "$ftp_user" ] && [ -z "$vsftp_enabled" ] && [ -z "$proftp_alias" ]; then
        echo "[SAFE] Anonymous FTP is properly disabled"
      fi
    matchers:
      - type: word
        part: code_1_response
        words:
          - "[VULNERABLE]"
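The template's plain grep for `anonymous_enable` also matches a commented-out `# anonymous_enable=YES` line, which the stock vsftpd.conf ships with, so it can report a hardened host as vulnerable. The following is an added audit script, not part of the nuclei template or the projectdiscovery project, that checks the same three indicators but strips comments first and tolerates spaces around `=`; file paths are parameters (an assumption made so the check can be run against copied configs or in a test) rather than the fixed /etc paths the template uses.

```shell
#!/bin/sh
# Added example: stricter variant of the three checks in the nuclei template.
# Each check takes the file to inspect as $1 and succeeds (exit 0) only when the
# indicator is present in an active, non-commented line.

# vsftpd.conf: is "anonymous_enable=YES" (any case, optional spaces) active?
vsftpd_anon_enabled() {
    [ -r "$1" ] || return 1
    # drop everything after '#' so commented-out lines cannot match
    sed 's/#.*//' "$1" |
        grep -iE '^[[:space:]]*anonymous_enable[[:space:]]*=[[:space:]]*yes[[:space:]]*$' >/dev/null
}

# proftpd.conf: is a "UserAlias anonymous ftp" directive active?
proftpd_anon_alias() {
    [ -r "$1" ] || return 1
    sed 's/#.*//' "$1" |
        grep -iE '^[[:space:]]*UserAlias[[:space:]]+anonymous[[:space:]]+ftp([[:space:]]|$)' >/dev/null
}

# passwd file: does an "ftp" account exist?
ftp_account_present() {
    [ -r "$1" ] || return 1
    grep -E '^ftp:' "$1" >/dev/null
}

# Run all three checks against passwd ($1), vsftpd.conf ($2), proftpd.conf ($3).
# Prints one line per finding; returns 1 if any indicator fired, 0 if none did.
audit_anonymous_ftp() {
    rc=0
    if ftp_account_present "$1"; then echo "[VULNERABLE] ftp account in $1"; rc=1; fi
    if vsftpd_anon_enabled "$2"; then echo "[VULNERABLE] anonymous_enable=YES active in $2"; rc=1; fi
    if proftpd_anon_alias "$3"; then echo "[VULNERABLE] UserAlias anonymous ftp active in $3"; rc=1; fi
    [ "$rc" -eq 0 ] && echo "[SAFE] no active anonymous FTP indicators"
    return "$rc"
}
```

Run it with the real paths (`audit_anonymous_ftp /etc/passwd /etc/vsftpd/vsftpd.conf /etc/proftpd/proftpd.conf`) as root, since the config files are often not world-readable; an unreadable file is treated as "indicator absent", so check read access before trusting a [SAFE] result.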


http://example.com/2025/07/31/github_2396357473/
Author
lianccc
Published
July 31, 2025