Lucene search

[email protected]CVE-1999-1298

HistoryApr 07, 1997 - 4:00 a.m.

CVE-1999-1298

1997-04-0704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sysinstall

freebsd 2.2.1

anonymous ftp

system vulnerability

security breach

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.3%

JSON

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

CPENameOperatorVersion
freebsd:freebsdfreebsdeq2.1.7
freebsd:freebsdfreebsdeq2.2
freebsd:freebsdfreebsdeq2.1.0
freebsd:freebsdfreebsdeq2.1.6
freebsd:freebsdfreebsdle2.2.1
freebsd:freebsdfreebsdeq2.1.5

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	2.1.7
freebsd:freebsd	freebsd	eq	2.2
freebsd:freebsd	freebsd	eq	2.1.0
freebsd:freebsd	freebsd	eq	2.1.6
freebsd:freebsd	freebsd	le	2.2.1
freebsd:freebsd	freebsd	eq	2.1.5

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc

www.iss.net/security_center/static/7537.php

www.osvdb.org/6087

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.3%

JSON