diff --git a/typo3/sysext/reports/reports/locallang.xlf b/typo3/sysext/reports/reports/locallang.xlf
index 201f124aa62d30f3586400c13f99c396d82bd1fe..426839bbed6d73b528e835dd8c172c8f0c8d651e 100644
--- a/typo3/sysext/reports/reports/locallang.xlf
+++ b/typo3/sysext/reports/reports/locallang.xlf
@@ -72,6 +72,18 @@
 			<trans-unit id="status_PhpMagicQuotesGpc" xml:space="preserve">
 				<source>PHP magic_quotes_gpc</source>
 			</trans-unit>
+			<trans-unit id="status_CreatedFilePermissions" xml:space="preserve">
+				<source>Permissions of created files</source>
+			</trans-unit>
+			<trans-unit id="status_CreatedFilePermissions.writable" xml:space="preserve">
+				<source>Files created by TYPO3 are configured to be world writeable. Depending on your server configuration, this can be a security risk. It is usually better to configure the create mask to not allow writing to files by "others". A sane default is often '0660' for $GLOBALS['TYPO3_CONF_VARS']['BE']['fileCreateMask']. This can be set in the install tool.</source>
+			</trans-unit>
+			<trans-unit id="status_CreatedDirectoryPermissions" xml:space="preserve">
+				<source>Permissions of created directories</source>
+			</trans-unit>
+			<trans-unit id="status_CreatedDirectoryPermissions.writable" xml:space="preserve">
+				<source>Directories created by TYPO3 are configured to be world writeable. Depending on your server configuration, this can be a security risk. It is usually better to configure the create mask to not allow writing to directories by "others". A sane default is often '2770' for $GLOBALS['TYPO3_CONF_VARS']['BE']['folderCreateMask']. This can be set in the install tool.</source>
+			</trans-unit>
 			<trans-unit id="status_adminUserAccount" xml:space="preserve">
 				<source>Admin User Account</source>
 			</trans-unit>
diff --git a/typo3/sysext/reports/reports/status/class.tx_reports_reports_status_configurationstatus.php b/typo3/sysext/reports/reports/status/class.tx_reports_reports_status_configurationstatus.php
index bc89ebb30421593c19770f9a5e5a1d83b39b2b27..7978def67e41b1f2868cd8c13804b4d3ec29c4c6 100644
--- a/typo3/sysext/reports/reports/status/class.tx_reports_reports_status_configurationstatus.php
+++ b/typo3/sysext/reports/reports/status/class.tx_reports_reports_status_configurationstatus.php
@@ -62,8 +62,8 @@ class tx_reports_reports_status_ConfigurationStatus implements tx_reports_Status
 		$this->executeAdminCommand();
 
 		$statuses = array(
-			'emptyReferenceIndex'   => $this->getReferenceIndexStatus(),
-			'deprecationLog'        => $this->getDeprecationLogStatus()
+			'emptyReferenceIndex' => $this->getReferenceIndexStatus(),
+			'deprecationLog' => $this->getDeprecationLogStatus(),
 		);
 
 			// Do not show status about non-existent features
@@ -76,6 +76,11 @@ class tx_reports_reports_status_ConfigurationStatus implements tx_reports_Status
 			$statuses['memcachedConnection'] = $this->getMemcachedConnectionStatus();
 		}
 
+		if (TYPO3_OS !== 'WIN') {
+			$statuses['createdFilesWorldWritable'] = $this->getCreatedFilesWorldWritableStatus();
+			$statuses['createdDirectoriesWorldWritable'] = $this->getCreatedDirectoriesWorldWritableStatus();
+		}
+
 		return $statuses;
 	}
 
@@ -298,6 +303,56 @@ class tx_reports_reports_status_ConfigurationStatus implements tx_reports_Status
 		);
 	}
 
+	/**
+	 * Warning, if fileCreateMask has write bit for 'others' set.
+	 *
+	 * @return tx_reports_reports_status_Status The writable status for 'others'
+	 */
+	protected function getCreatedFilesWorldWritableStatus() {
+		$value = $GLOBALS['LANG']->getLL('status_ok');
+		$message = '';
+		$severity = tx_reports_reports_status_Status::OK;
+
+		if (((int)$GLOBALS['TYPO3_CONF_VARS']['BE']['fileCreateMask'] % 10) & 2) {
+			$value = $GLOBALS['TYPO3_CONF_VARS']['BE']['fileCreateMask'];
+			$severity = tx_reports_reports_status_Status::WARNING;
+			$message = $GLOBALS['LANG']->getLL('status_CreatedFilePermissions.writable');
+		}
+
+		return t3lib_div::makeInstance(
+			'tx_reports_reports_status_Status',
+			$GLOBALS['LANG']->getLL('status_CreatedFilePermissions'),
+			$value,
+			$message,
+			$severity
+		);
+	}
+
+	/**
+	 * Warning, if folderCreateMask has write bit for 'others' set.
+	 *
+	 * @return tx_reports_reports_status_Status The writable status for 'others'
+	 */
+	protected function getCreatedDirectoriesWorldWritableStatus() {
+		$value = $GLOBALS['LANG']->getLL('status_ok');
+		$message = '';
+		$severity = tx_reports_reports_status_Status::OK;
+
+		if (((int)$GLOBALS['TYPO3_CONF_VARS']['BE']['folderCreateMask'] %10) & 2) {
+			$value = $GLOBALS['TYPO3_CONF_VARS']['BE']['folderCreateMask'];
+			$severity = tx_reports_reports_status_Status::WARNING;
+			$message = $GLOBALS['LANG']->getLL('status_CreatedDirectoryPermissions.writable');
+		}
+
+		return t3lib_div::makeInstance(
+			'tx_reports_reports_status_Status',
+			$GLOBALS['LANG']->getLL('status_CreatedDirectoryPermissions'),
+			$value,
+			$message,
+			$severity
+		);
+	}
+
 	/**
 	 * Creates a link to the deprecation log file with the absolute path as the
 	 * link text.