[ SOURCE: http://www.secureroot.com/security/advisories/9749184135.html ]

www.f8labs.com

[ INTRODUCTION ]

Advisory .........: File Discovery Vulnerability
Release Date .....: 11-20-00
Application ......: bb-hist.sh bb-histlog.sh bb-hostsvc.sh
                    bb-rep.sh bb-replog.sh bb-ack.sh
Vendor Web Site ..: www.bb4.com
Versions Affected.: All installed BB CGI scripts prior to v1.5d3
Vendor Status ....: Contacted // Patch Available
                    (Thanks Robert for being so cooperative.)
WWW ..............: www.f8labs.com
SHOUTS ...........: Moo baby, I'm a sexy cow, yea!

[ OVERVIEW ]

Big Brother is designed to let anyone - from omniscient Sys Admins,
to Pointy-Headed Bosses - see how the network is doing in near
real-time, from any web browser, anywhere.

[ ADVISORY ]

Vulnerabilities exist such that someone can identify whether sensitive
files exist and determine user IDs on the BBDISPLAY server(s), and use
those to launch a password brute-force attack.

e.g.

    http://www.victim.com/cgi-bin/bb-hist.sh?HISTFILE=/home/*

    history Mon Nov 20 22:07:25 EST 2000 Error reading history file [adam]

In this example the error message returns the name adam for the
pattern /home/*. Using this information, we are able to validate not
only whether sensitive files exist on the system, but also which user
accounts are valid, for a further brute-force attack on the system.
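For sites reviewing web server logs for this behaviour, the following is an added detection example, not part of the original advisory or of Big Brother. It assumes Common Log Format access logs; only the script names and the HISTFILE parameter come from the advisory, and the sample log lines and the benign HISTFILE value are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# CGI scripts named in the advisory.
BB_SCRIPTS = {"bb-hist.sh", "bb-histlog.sh", "bb-hostsvc.sh",
              "bb-rep.sh", "bb-replog.sh", "bb-ack.sh"}
# Assumption: Common Log Format, request field is "METHOD target PROTOCOL".
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+)[^"]*"')
GLOB_CHARS = set("*?[]{}")

def classify_value(value):
    """Return the reasons a CGI parameter value looks like a filesystem probe."""
    reasons = []
    if GLOB_CHARS & set(value):
        reasons.append("glob")
    if value.startswith("/"):
        reasons.append("absolute-path")
    if ".." in value.split("/"):
        reasons.append("traversal")
    return reasons

def scan(lines):
    """Yield (client, script, param, value, reasons) for suspicious requests."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        script = parts.path.rsplit("/", 1)[-1]
        if script not in BB_SCRIPTS:
            continue
        # parse_qsl percent-decodes, so %2F and %2A are caught as well.
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            reasons = classify_value(value)
            if reasons:
                yield client, script, param, value, reasons

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Nov/2000:22:07:25 -0500] "GET /cgi-bin/bb-hist.sh?HISTFILE=/home/* HTTP/1.0" 200 312',
    '192.0.2.10 - - [20/Nov/2000:22:07:31 -0500] "GET /cgi-bin/bb-hist.sh?HISTFILE=%2Fhome%2F%2A HTTP/1.0" 200 312',
    '198.51.100.7 - - [20/Nov/2000:22:08:02 -0500] "GET /cgi-bin/bb-hist.sh?HISTFILE=www.example.com.http HTTP/1.0" 200 4410',
    '198.51.100.7 - - [20/Nov/2000:22:08:09 -0500] "GET /index.html?q=/home/* HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Repeated hits from one client against these scripts, followed by authentication failures for the disclosed account names, match the sequence the advisory describes.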
[ RESOURCES ]

Patch Details
http://bb4.com/incident.nov21

Big Brother Technologies
http://www.bb4.com

Fate Research Labs
http://www.f8labs.com

================================================================
Loki
Fate Research Labs
loki@f8labs.com
----------------------------------------------------------------
BEGIN PGP SIGNATURE

iQA/AwUBOfZvfGnwBJRV5bxfEQJu7gCfQ/T0O9u75nzRGWVSeurNmnFRVr8Anj0c
M+UXhPDBvsm+ffRpv41zevQN
=3IRx
================================================================