Bugtraq mailing list archives
Re: BIG BROTHER EXPLOIT
From: delepine () U-PICARDIE FR (Jean Charles Delepine)
Date: Wed, 12 Jul 2000 14:25:00 +0200
Eric Hines <eric.hines () nuasis com> writes:
Revision to last post, the affected versions ALSO include v1.4H. Its all current versions, including the newest.
Change for 1.4h2 10 Jul 2000 web/bb-hostsvc.sh Fixed security hole: outsiders could peek on any file the web server had access. Thanks to Eric Hines <eric.hines () nuasis com> and Safety The 1.4h2 is the one served in http://bb4.com/download.html http://server/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/passwd ERROR! bb-hostsvc.sh called with invalid arguments Jean Charles -- Jean Charles Delépine - Équipe Réseaux Télécoms - Université de Picardie -+- If NT is the answer, you didn't understand the question. -+-
Current thread:
- Re: BIG BROTHER EXPLOIT Jean Charles Delepine (Jul 12)