Description
Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.
References (3)
Core 3
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_freebsd
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/6087
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/7537.php
Scores
EPSS
0.0053
EPSS Percentile
67.3%
Details
Status
published
Products (6)
freebsd/freebsd
2.1.0
freebsd/freebsd
2.1.5
freebsd/freebsd
2.1.6
freebsd/freebsd
2.1.7
freebsd/freebsd
2.2
freebsd/freebsd
< 2.2.1
Published
Apr 07, 1997
Tracked Since
Feb 18, 2026