Subject: Big Brother Advisory - Fate Research Labs
From: Loki (lokiF8LABS.COM)
Date: Tue Nov 21 2000 - 12:33:42 CST


                                www.f8labs.com

[ INTRODUCTION ]

Advisory .........: File Discovery Vulnerability
Release Date .....: 11-20-00
Application ......: bb-hist.sh
                    bb-histlog.sh
                    bb-hostsvc.sh
                    bb-rep.sh
                    bb-replog.sh
                    bb-ack.sh
Vendor Web Site ..: www.bb4.com
Versions Affected.: All installed BB CGI scripts prior to v1.5d3
Vendor Status ....: Contacted // Patch Available (Thanks Robert for
                    being so cooperative.)
WWW ..............: www.f8labs.com
SHOUTS ...........: Moo baby, Im a sexy cow, yea!

[ OVERVIEW ]

Big Brother is designed to let anyone - from omniscient Sys
Admins, to Pointy-Headed Bosses, see how the network is doing
in near real-time, from any web browser, anywhere.

[ ADVISORY ]

A vulnerability exists such that someone can identify whether sensitive
files exist, and determine user ids, on the BBDISPLAY server(s),
and use those to launch a password brute-force attack.
e.g. http://www.victim.com/cgi-bin/bb-hist.sh?HISTFILE=/home/*

history
Mon Nov 20 22:07:25 EST 2000

Error reading history file [adam]

Utilizing this information, we are then able to validate not
only whether sensitive files exist on the system, but also which
user accounts are valid, for a further brute-force attack on the system.
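The root cause above is a CGI shell script that opens whatever path (glob included) the HISTFILE parameter names and echoes a per-file error. As an added illustration, not the vendor's v1.5d3 patch and not code from this advisory, the following shows the kind of input check that closes that oracle; BBHISTDIR and both function names are assumed.

```shell
#!/bin/sh
# Hypothetical hardened HISTFILE handling for a Big Brother-style CGI.
# BBHISTDIR is an assumed name for the directory holding per-host history files.
BBHISTDIR="${BBHISTDIR:-/tmp/bbhist-demo}"

# safe_histfile NAME
# Accept only a bare file name made of [A-Za-z0-9._-] that does not start
# with a dot. That single character class rejects '/', '..', and the shell
# glob characters '*', '?', '[' before the value ever reaches the filesystem,
# so a value such as /home/* can no longer enumerate directories.
# Prints the resolved path inside BBHISTDIR and returns 0; returns 1 otherwise.
safe_histfile() {
    name=$1
    case $name in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s/%s\n' "$BBHISTDIR" "$name"
}

# show_history NAME
# One generic message for both "rejected name" and "no such history file",
# so the response no longer reveals which paths or accounts exist.
show_history() {
    path=$(safe_histfile "$1") || { echo "history unavailable"; return 1; }
    [ -f "$path" ] || { echo "history unavailable"; return 1; }
    cat "$path"
}
```

The remaining information leak is limited to whether a history file exists under BBHISTDIR, which is what the page is meant to display anyway.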

[ RESOURCES ]

Patch Details
http://bb4.com/incident.nov21

Big Brother Technologies
http://www.bb4.com

Fate Research Labs
http://www.f8labs.com

================================================================
Loki
Fate Research Labs
lokif8labs.com
----------------------------------------------------------------
================================================================