exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

sa97-03

sa97-03
Posted Sep 23, 1999

sysinstall bug

systems | freebsd
SHA-256 | 8189902910c0c12acad3b5152a62b2f8e9467569cc36bd34c31a46bc774fb825

sa97-03

Change Mirror Download

From aleph1@DFW.NET Wed Apr 9 12:23:26 1997
Date: Mon, 7 Apr 1997 16:05:55 -0500
From: Aleph One <aleph1@DFW.NET>
Reply-To: security-officer@freebsd.org
To: BUGTRAQ@NETSPACE.ORG
Subject: FreeBSD Security Advisory: FreeBSD-SA-97:03.sysinstall

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-97:03 Security Advisory
FreeBSD, Inc.

Topic: sysinstall bug

Category: core
Module: sysinstall
Announced: 1997-04-07
Affects: FreeBSD 2.1, FreeBSD 2.1.5, FreeBSD 2.1.6 and FreeBSD 2.1.7
FreeBSD 2.2 and FreeBSD 2.2.1.

Corrected: all versions as of 1997-04-01. This includes the installation floppies for FreeBSD 2.2.1 found on:
ftp://ftp.FreeBSD.org/pub/FreeBSD/2.2.1-RELEASE/floppies/newer/
Also the CDROM of FreeBSD 2.2.1 has this problem corrected.
Source: FreeBSD
FreeBSD only: yes

Patches:

=============================================================================

I. Background

Sysinstall is used both for fresh installations of FreeBSD as
well as post installation updates, like installing packages
from CDROM or ftp sites.

II. Problem Description

One of the port installation options in sysinstall is to install
an anonymous ftp setup on the system. In such a setup, an extra
user needs to be created on the system, with username 'ftp'.
This user is created with the shell equal to '/bin/date' and an
empty password.

III. Impact

Under some circumstances, this will allow unauthorized access
of system resources.

IV. Solution(s)

Change the entry of the ftp user such that is has an invalid password
and an invalid shell. This can be done by becoming the superuser,
and use the vipw command. Go to the line that starts with ftp::
and change ftp:: to ftp:*:
Also change, on the same line, the shell from /bin/date to /nonexistent.

If you have not yet used sysinstall to create an anonymous ftp setup,
but are planning to, please apply one of the following patches:

Patch for FreeBSD 2.1.5, 2.1.6, 2.2 and 2.2.1:

--- anonFTP.c 1996/04/28 03:26:42 1.14
+++ anonFTP.c 1997/04/07 17:20:16
@@ -195,7 +195,7 @@
return (DITEM_SUCCESS); /* succeeds if already exists */
}

- sprintf(pwline, "%s::%s:%d::0:0:%s:%s:/bin/date\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir);
+ sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir);

fptr = fopen(_PATH_MASTERPASSWD,"a");
if (! fptr) {

Patch for FreeBSD 2.1:

--- anonFTP.c 1995/11/12 07:27:55 1.6
+++ anonFTP.c 1997/04/03 19:29:21
@@ -201,7 +201,7 @@
return (RET_SUCCESS); /* succeeds if already exists */
}

- sprintf(pwline, "%s::%s:%d::0:0:%s:%s:/bin/date\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir);
+ sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir);

fptr = fopen(_PATH_MASTERPASSWD,"a");
if (! fptr) {

=============================================================================
FreeBSD, Inc.

Web Site: http://www.freebsd.org/
Confidential contacts: security-officer@freebsd.org
PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc
Security notifications: security-notifications@freebsd.org
Security public discussion: security@freebsd.org

Notice: Any patches in this document may not apply cleanly due to
modifications caused by digital signature or mailer software.
Please reference the URL listed at the top of this document
for original copies of all patches if necessary.
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBM0kvaFUuHi5z0oilAQHzVgP/TwmyRgBAF1Hs/jSihpAzFTRfHXdX/8+r
7mO7OHtM8vBTX1SPaYOr+DdSI2PkcSU4Y8O2OsdR3O4asV52LT5d/qWqJVQbN8bM
majL9ufeH3WotZHEJAo6nHf0/Cw+Aml2MytnaBiOHhvtiiY9aAEiYQve5TEwVbhE
92/GUaLo3uY=
=VjRL
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close