FreeBSD Sysinstall Anonymous FTP Misconfiguration

1997-04-07T00:00:00
ID OSVDB:6087
Type osvdb
Reporter OSVDB
Modified 1997-04-07T00:00:00

Description

Vulnerability Description

FreeBSD contains a flaw that may allow a malicious user to gain access to the system. The issue is triggered when a malicious user logs onto the victim system using the passwordless "ftp" account that sysinstall creates automatically, during the window in which an authorized user is running the sysinstall utility. Because the account's login shell is set to /bin/date, the flaw may allow shell access, resulting in a loss of integrity.

Solution Description

It is possible to correct the flaw by implementing the following workaround: use the vipw command (which edits /etc/master.passwd and rebuilds the password databases) to change "ftp::" to "ftp:*:", locking the password field, and to change the account's shell from "/bin/date" to "/nonexistent".

Also, FreeBSD has released a patch.
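The following POSIX sh script is an added example, not part of the OSVDB record or of FreeBSD's own tooling. It shows how an administrator can audit master.passwd-format entries for the condition described above (an "ftp" account with an empty password field or a real login shell) and how the advisory's workaround transforms such an entry. The sample password lines are constructed for the example; the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample in FreeBSD master.passwd format (10 fields):
# name:password:uid:gid:class:change:expire:gecos:home:shell
# The "ftp" line mirrors the state sysinstall leaves behind: no password, shell /bin/date.
SAMPLE_PASSWD=$(cat <<'EOF'
root:$6$examplehash:0:0::0:0:Charlie &:/root:/bin/csh
ftp::14:5::0:0:Anonymous FTP Admin:/var/ftp:/bin/date
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF
)

# Print the name of every account whose password field is empty, i.e. that
# can be logged into without a password at all.
passwordless_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# Classify the "ftp" account: "vulnerable" if it has no password or a shell
# other than /nonexistent or nologin, "ok" if it is locked, "absent" if missing.
check_ftp_account() {
    printf '%s\n' "$1" | awk -F: '
        $1 == "ftp" {
            found = 1
            if ($2 == "" || ($10 != "/nonexistent" && $10 != "/usr/sbin/nologin")) {
                print "vulnerable"; exit
            }
            print "ok"; exit
        }
        END { if (!found) print "absent" }'
}

# Apply the advisory workaround to the "ftp" line: lock the password field
# with "*" and set the shell to /nonexistent. All other lines pass through.
harden_ftp_account() {
    printf '%s\n' "$1" | awk -F: 'BEGIN { OFS = ":" }
        $1 == "ftp" { $2 = "*"; $10 = "/nonexistent" }
        { print }'
}

# Example run over the constructed sample.
echo "before: $(check_ftp_account "$SAMPLE_PASSWD")"
echo "passwordless: $(passwordless_accounts "$SAMPLE_PASSWD")"
FIXED=$(harden_ftp_account "$SAMPLE_PASSWD")
echo "after:  $(check_ftp_account "$FIXED")"
```

On a live system the check can be run as root with `check_ftp_account "$(cat /etc/master.passwd)"`. The `harden_ftp_account` function only demonstrates the text transformation; the real edit should be made with vipw, as the solution above says, so that the pwd.db and spwd.db databases are rebuilt consistently.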


References:

Vendor URL: http://www.freebsd.org

Mail List Post: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc

ISS X-Force ID: 7537

CVE: CVE-1999-1298