The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Big_brother | Sean_macguire | 1.0 (including) | 1.0 (including) |
| Big_brother | Sean_macguire | 1.1 (including) | 1.1 (including) |
| Big_brother | Sean_macguire | 1.2 (including) | 1.2 (including) |
| Big_brother | Sean_macguire | 1.3 (including) | 1.3 (including) |
| Big_brother | Sean_macguire | 1.3b (including) | 1.3b (including) |
| Big_brother | Sean_macguire | 1.4 (including) | 1.4 (including) |
| Big_brother | Sean_macguire | 1.4g (including) | 1.4g (including) |
| Big_brother | Sean_macguire | 1.4h (including) | 1.4h (including) |
| Big_brother | Sean_macguire | 1.4h1 (including) | 1.4h1 (including) |
| Big_brother | Sean_macguire | 1.09b (including) | 1.09b (including) |
| Big_brother | Sean_macguire | 1.09c (including) | 1.09c (including) |
| Big_brother | Sean_macguire | 1.09d (including) | 1.09d (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
- http://www.osvdb.org/1472
- http://www.securityfocus.com/bid/1494
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5103
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
- http://www.osvdb.org/1472
- http://www.securityfocus.com/bid/1494
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5103