Vulnerability

bbd (the bb server: BBDISPLAY/BBPAGER)

Affected

All BBDISPLAY/BBPAGER machines (running bbd) prior to 1.4g

Description

The following is based on the Big Brother Security Notice. A vulnerability exists such that arbitrary commands can be executed with the same userid/permissions as the user running bbd. Particularly vulnerable are servers that are not protected by firewalls (nothing new!), that do not use the etc/security file, and that use the enable/disable feature (optional and user compiled-in).

Solution

Download and install version 1.4g from http://bb4.com, or, if you have a fairly recent version of BB (1.3a+), you may be able to download version 1.4g from http://bb4.com and replace your current bbd.c/bb.h with the ones from the 1.4g archive. Recompile bbd (make) and reinstall (make install).

Note: BB should not be run as root!