adavisTHREKSTUN.NET

• Next message: Gwendolynn ferch Elydyr: "RSA Aceserver UDP Flood Vulnerability"
• Previous message: Rikard Carlsson: "Infosec.20000712.worldclient.2.1"
• In reply to: Eric Hines: "REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER"
• Reply: Andrew L . Davis: "Re: REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 11, 2000 at 10:10:28AM -0700, Eric Hines wrote:
> The problem exists in the code where $HOSTSVC does not do authenticity
> checking for its assigned variable.
>
> e.g. http://www.bb4.com/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/passwd
>
> BB4 Technologies has already been notified and a patch is already out.
> It can be Downloaded from http://www.bb4.com/download.html

Quick fix.

Edit the file bbdef.sh located in $BBHOME/etc and change
the variable BBLOGSTATUS from DYNAMIC to STATIC. Then remove the bb-hostsvc.sh
file from the cgi-bin directory.

On another note I could not get the /etc/shadow file to display but chould get
the /etc/passwd to display. The major difference is that passwd was world
readable. Also I am running suexe and the cgi files are being run as user
and group "bb" on my box.

--
 "...everybody happy but Zathras...but Zathras never happy...Zathras
  happy once, had friend once, but wheels fell off, very sad...."
		-- Zathras, Babylon 5
 Andrew L. Davis					adavisthrekstun.net

• Next message: Gwendolynn ferch Elydyr: "RSA Aceserver UDP Flood Vulnerability"
• Previous message: Rikard Carlsson: "Infosec.20000712.worldclient.2.1"
• In reply to: Eric Hines: "REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER"
• Reply: Andrew L . Davis: "Re: REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]