Bugtraq mailing list archives

Re: BIG BROTHER EXPLOIT


From: delepine () U-PICARDIE FR (Jean Charles Delepine)
Date: Wed, 12 Jul 2000 14:25:00 +0200


Eric Hines <eric.hines () nuasis com> writes:

Revision to last post, the affected versions ALSO include v1.4H. It's all
current versions, including the newest.

Change for 1.4h2
10 Jul 2000     web/bb-hostsvc.sh       Fixed security hole: outsiders
                                        could peek on any file the
                                        web server had access.
                                        Thanks to Eric Hines <eric.hines () nuasis com>
                                        and Safety

The 1.4h2 is the one served in http://bb4.com/download.html

http://server/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/passwd

ERROR!
bb-hostsvc.sh called with invalid arguments

                Jean Charles

-- 
Jean Charles Delépine - Équipe Réseaux Télécoms - Université de Picardie
   -+- If NT is the answer, you didn't understand the question. -+-


