Bugtraq mailing list archives
Re: REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
From: adavis () THREKSTUN NET (Andrew L . Davis)
Date: Tue, 11 Jul 2000 17:53:28 -0400
On Tue, Jul 11, 2000 at 10:10:28AM -0700, Eric Hines wrote:
> The problem exists in the code where $HOSTSVC does not do authenticity checking for its assigned variable. e.g.
> http://www.bb4.com/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/passwd
>
> BB4 Technologies has already been notified and a patch is already out. It can be downloaded from http://www.bb4.com/download.html

Quick fix. Edit the file bbdef.sh located in $BBHOME/etc and change the variable BBLOGSTATUS from DYNAMIC to STATIC. Then remove the bb-hostsvc.sh file from the cgi-bin directory.

On another note, I could not get the /etc/shadow file to display but could get the /etc/passwd to display. The major difference is that passwd was world readable. Also, I am running suexec and the cgi files are being run as user and group "bb" on my box.

--
"...everybody happy but Zathras...but Zathras never happy...Zathras happy once, had friend once, but wheels fell off, very sad...." -- Zathras, Babylon 5
Andrew L. Davis adavis () threkstun net
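
The kind of input check the quoted report says is missing, as an added example that is not part of the original thread and is not BB4's patch. It assumes a legitimate HOSTSVC value has the form `<host>.<service>`; the function names and the `LOGDIR` directory are hypothetical.

```shell
#!/bin/sh
# Added example: allowlist validation for a HOSTSVC-style CGI parameter.
# Assumption: a legitimate value looks like "<host>.<service>", built only
# from letters, digits, commas, underscores, hyphens and single dots.
LC_ALL=C; export LC_ALL   # keep the A-Z / a-z ranges byte-exact

# Return 0 if the value is safe to use as a log file name, 1 otherwise.
valid_hostsvc() {
    case "$1" in
        ''|.*|*.)            return 1 ;;  # empty, or leading/trailing dot
        *..*)                return 1 ;;  # any ".." sequence
        *[!A-Za-z0-9_,.-]*)  return 1 ;;  # "/", "%", newline, anything else
    esac
    case "$1" in
        *.*) return 0 ;;                  # has the host.service separator
        *)   return 1 ;;
    esac
}

# Print the log path for a validated value and fail for anything else.
# LOGDIR is a hypothetical directory holding the status logs.
hostsvc_path() {
    valid_hostsvc "$1" || return 1
    printf '%s/%s\n' "${LOGDIR:-/var/bb/logs}" "$1"
}

# Constructed sample inputs, including the traversal string from the report.
for v in 'www,example,com.http' \
         '/../../../../../../../../etc/passwd' \
         'host.conn/../../etc/passwd' \
         '%2e%2e%2fetc%2fpasswd' \
         'host..cpu'; do
    if p=$(hostsvc_path "$v"); then
        echo "serve  $p"
    else
        echo "reject $v"
    fi
done
```

Rejecting the value before any path is built means the result does not depend on which files the CGI user happens to be able to read.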