OSVDB ID: 1387

Title: FreeBSD SSH Port Extra Network Port

Info

Dates

Disclosure: Jun 07, 2000
Discovery: Unknown
Exploit: Jun 07, 2000
Solution: Unknown

Description

The SSH port in FreeBSD contains a misconfiguration in its sshd_config file that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the SSH daemon is configured to listen on network port 722 in addition to the usual port 22. Because firewall rules written for port 22 do not cover the second listener, this flaw may allow malicious users to bypass firewall restrictions, leading to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. While various solutions are available, the flaw can be fully corrected by removing the line "Port 722" from /usr/local/etc/sshd_config and restarting sshd.
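An added example, not part of the OSVDB entry or the FreeBSD port: a POSIX sh function that lists every port an sshd_config asks sshd to listen on other than the expected one. It generalizes the "Port 722" check above to any extra `Port` or `ListenAddress host:port` line. The names `extra_ssh_ports` and `sample_config` are hypothetical, and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example (not OSVDB or FreeBSD code): report every port an sshd_config
# tells sshd to listen on besides the expected one.

# Print each unexpected listening port found in config file $1, one per line.
# $2 is the expected port (default 22).
extra_ssh_ports() {
    awk -v want="${2:-22}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # skip comments and blank lines
        {
            line = $0
            sub(/=/, " ", line)            # "Port=722" is as valid as "Port 722"
            if (split(line, f) < 2) next
            key = tolower(f[1])            # keywords are case-insensitive
            val = f[2]; gsub(/"/, "", val) # arguments may be double-quoted
            port = ""
            if (key == "port") {
                port = val
            } else if (key == "listenaddress" &&
                       (val ~ /^\[.*\]:[0-9]+$/ || val ~ /^[^:]+:[0-9]+$/)) {
                port = val; sub(/^.*:/, "", port)   # host:port or [addr]:port
            }
            if (port != "" && port != want && !(port in seen)) {
                seen[port] = 1
                print port
            }
        }' "$1"
}

# Constructed sample modelled on the description above: the default port plus
# the extra "Port 722" line.
sample_config() {
    cat <<'EOF'
# constructed sample, not the file shipped with the port
Port 22
Port 722
ListenAddress 0.0.0.0
PermitRootLogin no
EOF
}

cfg=$(mktemp) && sample_config > "$cfg"
echo "unexpected sshd ports: $(extra_ssh_ports "$cfg" | tr '\n' ' ')"
rm -f "$cfg"
```

On an affected host the function would be pointed at /usr/local/etc/sshd_config; any port it prints should also be compared against the firewall rule set.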

Products

FreeBSD Project

FreeBSD

4.0

References

Credit

  • Jan Koum - jkbbest.com -


Direct URL: http://osvdb.org/1387