Subject: [NEWS] Big Brother allows remote command execution
Date: Sat, 27 May 2000 11:50:36 +0200
From: support@securiteam.com

          Big Brother allows remote command execution
--------------------------------------------------------------------------------

SUMMARY

A vulnerability in  <http://bb4.com> BBS's program allows arbitrary
commands to be executed remotely with the permissions of the user running
bbd.

DETAILS

Vulnerable systems:
Big Brother System prior to 1.4g

Immune systems:
Big Brother System 1.4g

Fix:
Download and install version 1.4g from  <http://bb4.com> http://bb4.com
Or:
If you have a fairly recent version of BB (1.3a+) you may be able to
download version 1.4g from http://bb4.com and replace your current
bbd.c/bb.h with the ones from the 1.4g archive. Recompile bbd (make) and
reinstall (make install).

Note:
BB should not be running as root!

ADDITIONAL INFORMATION

The information has been provided by:
<mailto:stace.cunningham@KEESLER.AF.MIL> Cunningham Stace D MSgt 2 AF/XTI.

========================================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.