FreeBSD SSH Port Extra Network Port

2000-06-07T00:00:00
ID OSVDB:1387
Type osvdb
Reporter Jan Koum (jkb@best.com)
Modified 2000-06-07T00:00:00

Description

Vulnerability Description

The SSH port in FreeBSD ships with a misconfigured sshd_config file that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the SSH daemon is configured to listen on network port 722 in addition to the usual port 22. Firewall rules written for port 22 alone do not cover the second listener, so this flaw may allow malicious users to bypass firewall restrictions and lead to a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. Although various workarounds are available, the flaw can be fully corrected by removing the line "Port 722" from /usr/local/etc/sshd_config and restarting sshd.
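
A check for the condition described above, as an added example that is not part of the original advisory. The function names `extra_sshd_ports` and `audit_sshd_config` are hypothetical, the sample file is constructed, and the script assumes the usual `Keyword value` (or `Keyword=value`) sshd_config syntax.

```shell
#!/bin/sh
# Added example (not from the advisory): report sshd_config Port directives
# other than 22, such as the "Port 722" line the advisory says to remove.

# extra_sshd_ports FILE: print each active Port value other than 22.
extra_sshd_ports() {
    awk '
        { sub(/#.*/, "") }      # drop comments so "#Port 722" is ignored
        { gsub(/=/, " ") }      # treat "Port=722" like "Port 722"
        tolower($1) == "port" && $2 != "" && $2 != 22 { print $2 }
    ' "$1"
}

# audit_sshd_config [FILE]: 0 = only port 22, 1 = extra ports, 2 = unreadable.
audit_sshd_config() {
    cfg=${1:-/usr/local/etc/sshd_config}
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    extra=$(extra_sshd_ports "$cfg")
    if [ -n "$extra" ]; then
        # unquoted on purpose: joins one-per-line output with spaces
        echo "$cfg: sshd also listens on port(s): $(echo $extra)"
        return 1
    fi
    echo "$cfg: no extra Port directives"
    return 0
}

# Constructed sample that mirrors the flawed configuration.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'Port 722' \
    'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

After removing the line, restart sshd as the advisory says; a running daemon keeps its existing listeners until then.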

References:

Vendor URL: http://www.freebsd.org
Vendor Specific Advisory URL
ISS X-Force ID: 4638
CVE-2000-0532
Bugtraq ID: 1323