CVE-1999-1298

Description

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

Severity

Overall Severity: N/A

CVSS Metrics

Type	Score	Severity	Vector

Affected Products

References

• ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc
  PatchVendor Advisory
• http://www.iss.net/security_center/static/7537.php
• http://www.osvdb.org/6087
• ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc
  PatchVendor Advisory
• http://www.iss.net/security_center/static/7537.php
• http://www.osvdb.org/6087