Bugtraq mailing list archives
FW: Security Notice: Big Brother System and Network Monitor
From: stace.cunningham () KEESLER AF MIL (Cunningham Stace D MSgt 2 AF/XTI)
Date: Thu, 18 May 2000 15:13:33 -0500
-----Original Message-----
From: Robert-Andre Croteau [mailto:robert () www bb4 com]
Sent: Thursday, May 18, 2000 2:53 PM
To: stace.cunningham () keesler af mil
Subject: Security Notice: Big Brother System and Network Monitor

===========================
Big Brother Security Notice
===========================

Versions: All prior to 1.4g
Module: bbd.c (the bb server: BBDISPLAY/BBPAGER)
Affects: All BBDISPLAY/BBPAGER machines (running bbd)

Summary: Vulnerabilities exist such that arbitrary commands can be executed with the same userid/permissions as the user running bbd.

Fix: Download and install version 1.4g from http://bb4.com

or

If you have a fairly recent version of BB (1.3a+) you may be able to download version 1.4g from http://bb4.com and replace your current bbd.c/bb.h with the ones from the 1.4g archive. Recompile bbd (make) and reinstall (make install). YMMV!

Note: BB should not be run as root! Particularly vulnerable are the servers that are not protected by firewalls (nothing new!), that do not use the etc/security file and use the enable/disable feature (optional and user compiled-in).

This is a different notice than the one sent out on May 4th 2000.

If you wish to be removed from this list please send mail to robert () bb4 com. Some of you may receive multiple due to the fact that you downloaded BB multiple times and entered a different e-mail address each time. Let me know which address is valid and which are not.

Found by: Bryan Deeney <bdeeney () astro ocis temple edu>, Thanks!

---
Robert-Andre Croteau
BB4 Technologies Inc.
robert () bb4 com