Big Brother (bbd) prior to 1.4g execute arbitrary code
Vulnerability

    bbd (the bb server: BBDISPLAY/BBPAGER)

Affected

    All BBDISPLAY/BBPAGER machines (running bbd) prior to 1.4g

Description

    The following is based on a Big Brother Security Notice.  A
    vulnerability exists that allows arbitrary commands to be executed
    with the same userid/permissions as the user running bbd.

    Particularly vulnerable are servers that are not protected by
    firewalls (nothing new!), that do not use the etc/security file,
    and that use the enable/disable feature (optional and user
    compiled-in).

Solution

    Download and install version 1.4g from

        http://bb4.com

    or, if you have a fairly recent version of BB (1.3a+), you may
    be able to download version 1.4g from http://bb4.com and replace
    your current bbd.c/bb.h with the ones from the 1.4g archive.
    Recompile bbd (make) and reinstall (make install).

    Note: BB should not be run as root!
