Security alert

New versions, modules, add-ons, etc., will be posted here.

Postby Lightning » Mon Sep 05, 2005 2:16 pm

There has been a security problem found in 034 that relates to the "up,down,force,unforce,block,unblock" users. The problem is that when FTP is enabled it is possible to login with any of these users and gain access to the / directory with just using a "*" asteric for the password. This bug only relates to users of 034 and the simple solution is to manually edit the /etc/passwd file and delete those users from the file. An alternative is to add a password for those users in the advanced setup in the password dialout control section if you are actually using this function in FREESCO on a dialup configuration.

Regards,
Lewis Baughman
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
User avatar
Lightning
FREESCO GURU !!
 
Posts: 3011
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA

Return to FREESCO Announcements

Who is online

Users browsing this forum: No registered users and 1 guest