Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.
1997-04-07T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | freebsd | freebsd | ≤ 2.2.1 | Yes |
| Operating System | freebsd | freebsd | 2.1.0 | Yes |
| Operating System | freebsd | freebsd | 2.1.5 | Yes |
| Operating System | freebsd | freebsd | 2.1.6 | Yes |
| Operating System | freebsd | freebsd | 2.1.7 | Yes |
| Operating System | freebsd | freebsd | 2.2 | Yes |