The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Big_brother | Sean_macguire | 1.0 (including) | 1.0 (including) |
| Big_brother | Sean_macguire | 1.1 (including) | 1.1 (including) |
| Big_brother | Sean_macguire | 1.2 (including) | 1.2 (including) |
| Big_brother | Sean_macguire | 1.3 (including) | 1.3 (including) |
| Big_brother | Sean_macguire | 1.3b (including) | 1.3b (including) |
| Big_brother | Sean_macguire | 1.4 (including) | 1.4 (including) |
| Big_brother | Sean_macguire | 1.4g (including) | 1.4g (including) |
| Big_brother | Sean_macguire | 1.4h (including) | 1.4h (including) |
| Big_brother | Sean_macguire | 1.4h1 (including) | 1.4h1 (including) |
| Big_brother | Sean_macguire | 1.09b (including) | 1.09b (including) |
| Big_brother | Sean_macguire | 1.09c (including) | 1.09c (including) |
| Big_brother | Sean_macguire | 1.09d (including) | 1.09d (including) |