Subject: FW: Security Notice: Big Brother System and Network Monitor
From: Cunningham Stace D MSgt 2 AF/XTI (stace.cunninghamKEESLER.AF.MIL)
Date: Thu May 18 2000 - 15:13:33 CDT
From: Robert-Andre Croteau [mailto:robertwww.bb4.com]
Sent: Thursday, May 18, 2000 2:53 PM
Subject: Security Notice: Big Brother System and Network Monitor
Big Brother Security Notice
Versions: All prior to 1.4g
Module: bbd.c (the bb server: BBDISPLAY/BBPAGER)
Affects: All BBDISPLAY/BBPAGER machines (running bbd)
Summary: Vulnerabilities exist such that
arbitrary commands can be executed with the same
userid/permissions as the user running bbd.
Fix: Download and install version 1.4g from http://bb4.com
If you have a fairly recent version of BB (1.3a+) you may
be able to download version 1.4g from http://bb4.com and replace
your current bbd.c/bb.h with the ones from the 1.4g archive.
Recompile bbd (make) and reinstall (make install). YMMV!
Note: BB should not be run as root!
Particularly vulnerable are the servers that are not
protected by firewalls (nothing new!), that do not
use the etc/security file and use the enable/disable
feature (optional and user compiled-in).
This is a different notice than the one sent out
on May 4th 2000.
If you wish to be removed from this list please send mail
to robertbb4.com. Some of you may receive multiple
due to the fact that you downloaded BB multiple times
and entered a different e-mail address each time. Let
me know which address is valid and which are not.
Found by: Bryan Deeney <bdeeneyastro.ocis.temple.edu>, Thanks!
--- Robert-Andre Croteau BB4 Technologies Inc. robertbb4.com