ID OSVDB:6087 Type osvdb Reporter OSVDB Modified 1997-04-07T00:00:00
Description
Vulnerability Description
FreeBSD contains a flaw that may allow a malicious user to access the platform. The issue is triggered when a malicious user logs onto the victim system using a passwordless account "ftp" that is automatically created by sysinstall, while an authorized user is running the sysinstall utility. It is possible that the flaw may allow shell access (via /bin/date) resulting in a loss of integrity.
Solution Description
It is possible to correct the flaw by implementing the following workaround: use the vipw command to change "ftp::" to "ftp:*:" and the shell from "/bin/date" to "/nonexistent".
Also, FreeBSD has released a patch.
Short Description
FreeBSD contains a flaw that may allow a malicious user to access the platform. The issue is triggered when a malicious user logs onto the victim system using a passwordless account "ftp" that is automatically created by sysinstall, while an authorized user is running the sysinstall utility. It is possible that the flaw may allow shell access (via /bin/date) resulting in a loss of integrity.
References:
Vendor URL: http://www.freebsd.org
Mail List Post: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc
ISS X-Force ID: 7537
CVE-1999-1298
{"type": "osvdb", "published": "1997-04-07T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6087", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 0, "edition": 1, "reporter": "OSVDB", "title": "FreeBSD Sysinstall Anonymous FTP Misconfiguration", "affectedSoftware": [{"operator": "eq", "version": "2.2", "name": "FreeBSD"}, {"operator": "eq", "version": "2.2.1", "name": "FreeBSD"}, {"operator": "eq", "version": "2.1.5", "name": "FreeBSD"}, {"operator": "eq", "version": "2.1.7", "name": "FreeBSD"}, {"operator": "eq", "version": "2.1", "name": "FreeBSD"}, {"operator": "eq", "version": "2.1.6", "name": "FreeBSD"}], "enchantments": {"score": {"value": 5.3, "vector": "NONE", "modified": "2017-04-28T13:20:00", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-1999-1298"]}], "modified": "2017-04-28T13:20:00", "rev": 2}, "vulnersScore": 5.3}, "references": [], "id": "OSVDB:6087", "lastseen": "2017-04-28T13:20:00", "cvelist": ["CVE-1999-1298"], "modified": "1997-04-07T00:00:00", "description": "## Vulnerability Description\nFreeBSD contains a flaw that may allow a malicious user to access the platform. The issue is triggered when a malicious user logs onto the victim system using a passwordless account \"ftp\" that is automatically created by sysinstall, while an authorized user is running the sysinstall utility. It is possible that the flaw may allow shell access (via /bin/date) resulting in a loss of integrity.\n## Solution Description\nIt is possible to correct the flaw by implementing the following workaround: use the vipw command to change \"ftp::\" to \"ftp:*:\" and the shell from \"/bin/date\" to \"/nonexistent\".\n\nAlso, FreeBSD has released a patch.\n## Short Description\nFreeBSD contains a flaw that may allow a malicious user to access the platform. The issue is triggered when a malicious user logs onto the victim system using a passwordless account \"ftp\" that is automatically created by sysinstall, while an authorized user is running the sysinstall utility. It is possible that the flaw may allow shell access (via /bin/date) resulting in a loss of integrity.\n## References:\nVendor URL: http://www.freebsd.org\nMail List Post: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc\nISS X-Force ID: 7537\n[CVE-1999-1298](https://vulners.com/cve/CVE-1999-1298)\n"}
{"cve": [{"lastseen": "2020-12-09T19:19:23", "description": "Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.", "edition": 5, "cvss3": {}, "published": "1997-04-07T04:00:00", "title": "CVE-1999-1298", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-1298"], "modified": "2008-09-10T19:01:00", "cpe": ["cpe:/o:freebsd:freebsd:2.1.0", "cpe:/o:freebsd:freebsd:2.2.1", "cpe:/o:freebsd:freebsd:2.2", "cpe:/o:freebsd:freebsd:2.1.7", "cpe:/o:freebsd:freebsd:2.1.5", "cpe:/o:freebsd:freebsd:2.1.6"], "id": "CVE-1999-1298", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1298", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*"]}]}