Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER

From: adavis () THREKSTUN NET (Andrew L . Davis)
Date: Tue, 11 Jul 2000 17:53:28 -0400

On Tue, Jul 11, 2000 at 10:10:28AM -0700, Eric Hines wrote:

 The problem exists in the code where $HOSTSVC does not do authenticity
 checking for its assigned variable.

 e.g. http://www.bb4.com/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/passwd

 BB4 Technologies has already been notified and a patch is already out.
 It can be Downloaded from http://www.bb4.com/download.html


Quick fix.

Edit the file bbdef.sh located in $BBHOME/etc and change
the variable BBLOGSTATUS from DYNAMIC to STATIC.  Then remove the bb-hostsvc.sh
file from the cgi-bin directory.

On another note I could not get the /etc/shadow file to display but chould get
the /etc/passwd to display.  The major difference is that passwd was world
readable.  Also I am running suexe and the cgi files are being run as user
and group "bb" on my box.

--
 "...everybody happy but Zathras...but Zathras never happy...Zathras
  happy once, had friend once, but wheels fell off, very sad...."
                -- Zathras, Babylon 5
 Andrew L. Davis                                        adavis () threkstun net
Previous By Date Next
Previous By Thread Next

Current thread: