|
Bugtraq
mailing list archives
Re: REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
From: adavis () THREKSTUN NET (Andrew L . Davis)
Date: Tue, 11 Jul 2000 17:53:28 -0400
On Tue, Jul 11, 2000 at 10:10:28AM -0700, Eric Hines wrote:
The problem exists in the code where $HOSTSVC does not do authenticity
checking for its assigned variable.
e.g. http://www.bb4.com/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/passwd
BB4 Technologies has already been notified and a patch is already out.
It can be Downloaded from http://www.bb4.com/download.html
Quick fix.
Edit the file bbdef.sh located in $BBHOME/etc and change
the variable BBLOGSTATUS from DYNAMIC to STATIC. Then remove the bb-hostsvc.sh
file from the cgi-bin directory.
On another note I could not get the /etc/shadow file to display but chould get
the /etc/passwd to display. The major difference is that passwd was world
readable. Also I am running suexe and the cgi files are being run as user
and group "bb" on my box.
--
"...everybody happy but Zathras...but Zathras never happy...Zathras
happy once, had friend once, but wheels fell off, very sad...."
-- Zathras, Babylon 5
Andrew L. Davis adavis () threkstun net
 By Date 
By Thread
Current thread:
| 
Intro
