Subject: Big Brother filename extension vulnerability
From: xternal (xternal1YAHOO.COM)
Date: Tue Jul 11 2000 - 18:11:39 CDT
versions affected: bb14h2 (current) and older
bbd listens for incoming connections on port 1984.
Using telnet or the bb client, it is possible to
connect and create a filename with an arbitrary
extension, as the extension is not rigorously checked.
As this file is dropped into a directory accessible
via the web server, any file extension that is parsed
server side can be abused. For example:
./bb 126.96.36.199 "status evil.php3 <?<system(\"cat
will allow viewing of the /etc/passwd upon browsing to
-Modify bbd.c to only allow specified file
extensions (.disk, .proc ...)
-Implement access restrictions via
$BBHOME/etc/security to minimize exposure to
vulnerabilities. Unfortunately, the default install
doesn't enable the security file.
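
One way to write the extension check suggested in the first fix, as an added example (it is not code from bbd.c or from the advisory's author). The helper name status_name_allowed, the permitted character set, the 255-byte limit and the use of commas in place of dots inside host names are assumptions; the allowlist holds only the two extensions named above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed allowlist: the advisory names .disk and .proc; add only the
 * test names your installation really reports. */
static const char *const allowed_ext[] = { "disk", "proc" };

/* Hypothetical helper (not from bbd.c): returns 1 if a client-supplied
 * status name of the form "host.test" may be used as a file name. */
int status_name_allowed(const char *name)
{
    const char *dot;
    size_t i;

    if (name == NULL || name[0] == '\0' || strlen(name) > 255)
        return 0;

    /* Assumed character set: letters, digits, '-', '_', ',' and '.'.
     * This also excludes '/', '\\', whitespace and control bytes. */
    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != ',' && c != '.')
            return 0;
    }

    /* Exactly one dot, neither leading nor trailing. A web server may
     * look at every dot-separated suffix when picking a handler, so
     * "evil.php3.disk" is refused as well as "evil.disk.php3". */
    dot = strchr(name, '.');
    if (dot == NULL || dot == name || dot != strrchr(name, '.') || dot[1] == '\0')
        return 0;

    /* Exact, case-sensitive match against the allowlist. */
    for (i = 0; i < sizeof allowed_ext / sizeof allowed_ext[0]; i++)
        if (strcmp(dot + 1, allowed_ext[i]) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from a real installation. */
    const char *samples[] = { "web01.disk", "evil.php3", "evil.php3.disk" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s %s\n", samples[i],
               status_name_allowed(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check belongs at the point where the daemon turns the received name into a path, before any file is opened, and a rejected name should be logged with the peer address.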