bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Big_brother | Sean_macguire | 1.0 (including) | 1.0 (including) |
| Big_brother | Sean_macguire | 1.1 (including) | 1.1 (including) |
| Big_brother | Sean_macguire | 1.2 (including) | 1.2 (including) |
| Big_brother | Sean_macguire | 1.3 (including) | 1.3 (including) |
| Big_brother | Sean_macguire | 1.3b (including) | 1.3b (including) |
| Big_brother | Sean_macguire | 1.4 (including) | 1.4 (including) |
| Big_brother | Sean_macguire | 1.4g (including) | 1.4g (including) |
| Big_brother | Sean_macguire | 1.4h (including) | 1.4h (including) |
| Big_brother | Sean_macguire | 1.4h1 (including) | 1.4h1 (including) |
| Big_brother | Sean_macguire | 1.09b (including) | 1.09b (including) |
| Big_brother | Sean_macguire | 1.09c (including) | 1.09c (including) |
| Big_brother | Sean_macguire | 1.09d (including) | 1.09d (including) |