CVE-1999-1298

CVSS 7.5 - HIGH

Description

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

Affected Products

Vendor	Product	Version
freebsd	freebsd	`All versions`
freebsd	freebsd	`2.1.0`
freebsd	freebsd	`2.1.5`
freebsd	freebsd	`2.1.6`
freebsd	freebsd	`2.1.7`
freebsd	freebsd	`2.2`

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/...

http://www.iss.net/security_center/static/7537.php

http://www.osvdb.org/6087

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/...

http://www.iss.net/security_center/static/7537.php

http://www.osvdb.org/6087

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-1999-1298
Published:: 1997-04-07
Modified:: 2026-04-16
CVSS Score:: 7.5
Severity:: HIGH
Vector:: AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Vendors

freebsd

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL