ID OSVDB:6087 Type osvdb Reporter OSVDB Modified 1997-04-07T00:00:00
Description
Vulnerability Description
FreeBSD contains a flaw that may allow a malicious user to access the platform. The issue is triggered when a malicious user logs onto the victim system using a passwordless account "ftp" that is automatically created by sysinstall, while an authorized user is running the sysinstall utility. It is possible that the flaw may allow shell access (via /bin/date) resulting in a loss of integrity.
Solution Description
It is possible to correct the flaw by implementing the following workaround: use the vipw command to change "ftp::" to "ftp:*:" and the shell from "/bin/date" to "/nonexistent".
Also, FreeBSD has released a patch.
Short Description
FreeBSD contains a flaw that may allow a malicious user to access the platform. The issue is triggered when a malicious user logs onto the victim system using a passwordless account "ftp" that is automatically created by sysinstall, while an authorized user is running the sysinstall utility. It is possible that the flaw may allow shell access (via /bin/date) resulting in a loss of integrity.
References:
Vendor URL: http://www.freebsd.org
Mail List Post: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc
ISS X-Force ID: 7537
CVE-1999-1298
{"type": "osvdb", "published": "1997-04-07T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6087", "hashmap": [{"key": "affectedSoftware", "hash": "5cae359ecde0ee2b42ef9bc986fcd987"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "ff827fcf06687162eca0fe43c2a692b8"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "12692fece806f5c3499f3b5414ca201d"}, {"key": "href", "hash": "b7eae32f861fa5c16656024f249e9b8d"}, {"key": "modified", "hash": "88dd0e8c6c33a45be85514d7d4aad1fb"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "88dd0e8c6c33a45be85514d7d4aad1fb"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "49ddee5afd181af4af0b40f4a0cb8ae2"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "OSVDB", "title": "FreeBSD Sysinstall Anonymous FTP Misconfiguration", "affectedSoftware": [{"operator": "eq", "version": "2.2", "name": "FreeBSD"}, {"operator": "eq", "version": "2.2.1", "name": "FreeBSD"}, {"operator": "eq", "version": "2.1.5", "name": "FreeBSD"}, {"operator": "eq", "version": "2.1.7", "name": "FreeBSD"}, {"operator": "eq", "version": "2.1", "name": "FreeBSD"}, {"operator": "eq", "version": "2.1.6", "name": "FreeBSD"}], "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "references": [], "id": "OSVDB:6087", "hash": "b3301af16c6e70efc9de5d6e2cff2ba5d6121dec79269ff56d020d686c867667", "lastseen": "2017-04-28T13:20:00", "cvelist": ["CVE-1999-1298"], "modified": "1997-04-07T00:00:00", "description": "## Vulnerability Description\nFreeBSD contains a flaw that may allow a malicious user to access the platform. The issue is triggered when a malicious user logs onto the victim system using a passwordless account \"ftp\" that is automatically created by sysinstall, while an authorized user is running the sysinstall utility. It is possible that the flaw may allow shell access (via /bin/date) resulting in a loss of integrity.\n## Solution Description\nIt is possible to correct the flaw by implementing the following workaround: use the vipw command to change \"ftp::\" to \"ftp:*:\" and the shell from \"/bin/date\" to \"/nonexistent\".\n\nAlso, FreeBSD has released a patch.\n## Short Description\nFreeBSD contains a flaw that may allow a malicious user to access the platform. The issue is triggered when a malicious user logs onto the victim system using a passwordless account \"ftp\" that is automatically created by sysinstall, while an authorized user is running the sysinstall utility. It is possible that the flaw may allow shell access (via /bin/date) resulting in a loss of integrity.\n## References:\nVendor URL: http://www.freebsd.org\nMail List Post: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc\nISS X-Force ID: 7537\n[CVE-1999-1298](https://vulners.com/cve/CVE-1999-1298)\n"}
{"cve": [{"lastseen": "2016-09-03T02:27:12", "references": ["http://www.iss.net/security_center/static/7537.php", "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc"], "description": "Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.", "edition": 1, "reporter": "NVD", "published": "1997-04-07T00:00:00", "title": "CVE-1999-1298", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T02:27:12", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-1999-1298"], "scanner": [], "cpe": ["cpe:/o:freebsd:freebsd:2.1.0", "cpe:/o:freebsd:freebsd:2.2.1", "cpe:/o:freebsd:freebsd:2.2", "cpe:/o:freebsd:freebsd:2.1.7", "cpe:/o:freebsd:freebsd:2.1.5", "cpe:/o:freebsd:freebsd:2.1.6"], "modified": "2008-09-10T15:01:40", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1298", "id": "CVE-1999-1298", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
