bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Big_brother | Sean_macguire | 1.0 | 1.0 |
Big_brother | Sean_macguire | 1.1 | 1.1 |
Big_brother | Sean_macguire | 1.2 | 1.2 |
Big_brother | Sean_macguire | 1.3 | 1.3 |
Big_brother | Sean_macguire | 1.3b | 1.3b |
Big_brother | Sean_macguire | 1.4 | 1.4 |
Big_brother | Sean_macguire | 1.4g | 1.4g |
Big_brother | Sean_macguire | 1.4h | 1.4h |
Big_brother | Sean_macguire | 1.4h1 | 1.4h1 |
Big_brother | Sean_macguire | 1.09b | 1.09b |
Big_brother | Sean_macguire | 1.09c | 1.09c |
Big_brother | Sean_macguire | 1.09d | 1.09d |