Check: GEN005020
SUSE Linux Enterprise Server v11 for System z STIG: GEN005020 (in versions v1 r12 through v1 r9)
Title
The anonymous FTP account must be configured to use chroot or a similarly isolated environment. (Cat II impact)
Discussion
If an anonymous FTP account does not use a chroot or similarly isolated environment, the system may be more vulnerable to exploits against the FTP service. Such exploits could allow an attacker to gain shell access to the system and view, edit, or remove sensitive files.
Check Content
For vsftp: The FTP anonymous user is, by default, chrooted to the ftp user's home directory as defined in the /etc/passwd file. This is integral to the server and may not be disabled.
Fix Text
There is no fix associated with this vulnerability.
Additional Identifiers
Rule ID: SV-46157r1_rule
Vulnerability ID: V-4388
Group Title: GEN005020
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |