bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Big_brother | Sean_macguire | 1.0 (including) | 1.0 (including) |
| Big_brother | Sean_macguire | 1.1 (including) | 1.1 (including) |
| Big_brother | Sean_macguire | 1.2 (including) | 1.2 (including) |
| Big_brother | Sean_macguire | 1.3 (including) | 1.3 (including) |
| Big_brother | Sean_macguire | 1.3b (including) | 1.3b (including) |
| Big_brother | Sean_macguire | 1.4 (including) | 1.4 (including) |
| Big_brother | Sean_macguire | 1.4g (including) | 1.4g (including) |
| Big_brother | Sean_macguire | 1.4h (including) | 1.4h (including) |
| Big_brother | Sean_macguire | 1.4h1 (including) | 1.4h1 (including) |
| Big_brother | Sean_macguire | 1.09b (including) | 1.09b (including) |
| Big_brother | Sean_macguire | 1.09c (including) | 1.09c (including) |
| Big_brother | Sean_macguire | 1.09d (including) | 1.09d (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
- http://bb4.com/README.CHANGES
- http://www.securityfocus.com/bid/1455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4879
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
- http://bb4.com/README.CHANGES
- http://www.securityfocus.com/bid/1455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4879