Date: Mon, 7 Apr 1997 19:36:00 +0200 (MET DST) From: FreeBSD Security Officer <security-officer@freebsd.org> To: freebsd-security-notifications@freebsd.org, freebsd-announce@freebsd.org, freebsd-security@freebsd.org, first-teams@first.org Subject: FreeBSD Security Advisory: FreeBSD-SA-97:03.sysinstall Message-ID: <199704071736.TAA23949@gvr.win.tue.nl>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-97:03 Security Advisory FreeBSD, Inc. Topic: sysinstall bug Category: core Module: sysinstall Announced: 1997-04-07 Affects: FreeBSD 2.1, FreeBSD 2.1.5, FreeBSD 2.1.6 and FreeBSD 2.1.7 FreeBSD 2.2 and FreeBSD 2.2.1. Corrected: all versions as of 1997-04-01. This includes the installation floppies for FreeBSD 2.2.1 found on: ftp://ftp.FreeBSD.org/pub/FreeBSD/2.2.1-RELEASE/floppies/newer/ Also the CDROM of FreeBSD 2.2.1 has this problem corrected. Source: FreeBSD FreeBSD only: yes Patches: ============================================================================= I. Background Sysinstall is used both for fresh installations of FreeBSD as well as post installation updates, like installing packages from CDROM or ftp sites. II. Problem Description One of the port installation options in sysinstall is to install an anonymous ftp setup on the system. In such a setup, an extra user needs to be created on the system, with username 'ftp'. This user is created with the shell equal to '/bin/date' and an empty password. III. Impact Under some circumstances, this will allow unauthorized access of system resources. IV. Solution(s) Change the entry of the ftp user such that is has an invalid password and an invalid shell. This can be done by becoming the superuser, and use the vipw command. Go to the line that starts with ftp:: and change ftp:: to ftp:*: Also change, on the same line, the shell from /bin/date to /nonexistent. If you have not yet used sysinstall to create an anonymous ftp setup, but are planning to, please apply one of the following patches: Patch for FreeBSD 2.1.5, 2.1.6, 2.2 and 2.2.1: --- anonFTP.c 1996/04/28 03:26:42 1.14 +++ anonFTP.c 1997/04/07 17:20:16 @@ -195,7 +195,7 @@ return (DITEM_SUCCESS); /* succeeds if already exists */ } - sprintf(pwline, "%s::%s:%d::0:0:%s:%s:/bin/date\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); + sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); fptr = fopen(_PATH_MASTERPASSWD,"a"); if (! fptr) { Patch for FreeBSD 2.1: --- anonFTP.c 1995/11/12 07:27:55 1.6 +++ anonFTP.c 1997/04/03 19:29:21 @@ -201,7 +201,7 @@ return (RET_SUCCESS); /* succeeds if already exists */ } - sprintf(pwline, "%s::%s:%d::0:0:%s:%s:/bin/date\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); + sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); fptr = fopen(_PATH_MASTERPASSWD,"a"); if (! fptr) { ============================================================================= FreeBSD, Inc. Web Site: http://www.freebsd.org/ Confidential contacts: security-officer@freebsd.org PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc Security notifications: security-notifications@freebsd.org Security public discussion: security@freebsd.org Notice: Any patches in this document may not apply cleanly due to modifications caused by digital signature or mailer software. Please reference the URL listed at the top of this document for original copies of all patches if necessary. ============================================================================= -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBM0kvaFUuHi5z0oilAQHzVgP/TwmyRgBAF1Hs/jSihpAzFTRfHXdX/8+r 7mO7OHtM8vBTX1SPaYOr+DdSI2PkcSU4Y8O2OsdR3O4asV52LT5d/qWqJVQbN8bM majL9ufeH3WotZHEJAo6nHf0/Cw+Aml2MytnaBiOHhvtiiY9aAEiYQve5TEwVbhE 92/GUaLo3uY= =VjRL -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704071736.TAA23949>