Subject: Re: BIG BROTHER EXPLOIT
From: Jean Charles Delepine (delepineU-PICARDIE.FR)
Date: Wed Jul 12 2000 - 07:25:00 CDT


Eric Hines <eric.hinesnuasis.com> writes:

> Revision to last post, the affected versions ALSO include v1.4H. It's all
> current versions, including the newest.

Change for 1.4h2
10 Jul 2000 web/bb-hostsvc.sh Fixed security hole: outsiders
                                        could peek on any file the
                                        web server had access.
                                        Thanks to Eric Hines <eric.hinesnuasis.com>
                                        and Safety

The 1.4h2 is the one served in http://bb4.com/download.html

http://server/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/passwd

ERROR!
bb-hostsvc.sh called with invalid arguments

                Jean Charles

-- 
Jean Charles Delépine - Équipe Réseaux Télécoms - Université de Picardie
   -+- If NT is the answer, you didn't understand the question. -+-
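
The kind of check that produces the "invalid arguments" response above, as an added example that is not part of the original post and is not the Big Brother source. The `LOGDIR` location, the function names and the allowed character set are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: validate a HOSTSVC-style CGI parameter before it is
# used to build a file name. Not the vendor's fix; names are hypothetical.
LOGDIR="${LOGDIR:-/var/bb/logs}"   # assumed directory holding status files

# hostsvc_is_safe NAME
# Returns 0 only when NAME is a single plain file name made of allowlisted
# characters. Run it on the value after any URL decoding has been applied.
hostsvc_is_safe() {
    name=$1
    case $name in
        '')                 return 1 ;;  # empty parameter
        */*)                return 1 ;;  # any path separator
        *..*)               return 1 ;;  # parent-directory sequence
        .*)                 return 1 ;;  # leading dot (hidden file, ".")
        *[!A-Za-z0-9._,-]*) return 1 ;;  # anything outside the allowlist
    esac
    return 0
}

# hostsvc_path NAME
# Prints the file to serve and returns 0, or prints the error text seen in
# the post and returns 1. The caller must stop on a non-zero status.
hostsvc_path() {
    if hostsvc_is_safe "$1"; then
        printf '%s/%s\n' "$LOGDIR" "$1"
    else
        printf 'ERROR!\nbb-hostsvc.sh called with invalid arguments\n'
        return 1
    fi
}
```

The allowlist rejects the request by default; the explicit `/` and `..` cases are there so the reason for a rejection is obvious when the script is read later.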