[10357] in bugtraq
FW: Security Notice: Big Brother 1.09b/c
daemon@ATHENA.MIT.EDU (Sean MacGuire)
Mon Apr 26 15:42:41 1999
Message-Id: <199904261049.GAA07967@www.maclawran.ca>
Date: Mon, 26 Apr 1999 06:49:59 -0400
Reply-To: Sean MacGuire <sean@WWW.MACLAWRAN.CA>
From: Sean MacGuire <sean@WWW.MACLAWRAN.CA>
X-To: solo@dok.org
To: BUGTRAQ@NETSPACE.ORG
http://www.maclawran.ca/bb/ for more info on Big Brother.
-----FW: <199904261049.GAA07967@www.maclawran.ca>-----
Date: Mon, 26 Apr 1999 06:49:59 -0400 (EDT)
From: Sean MacGuire <sean@www.maclawran.ca>
To: solo@dok.org
Subject: Security Notice: Big Brother 1.09b/c
This notice concerns the Big Brother System and Network Monitor.
We noticed you downloaded a version which could be affected by
this problem so we wanted to tell you about it.
If you have any questions or concerns, feel free to contact me
at mailto:sean@maclawran.ca. Sorry for any inconvenience.
===========================
Big Brother Security Notice
===========================
Versions: 1.09b and 1.09c
Module:   CGI History module (web/bb-hist.sh)
Affects:  Anyone who's installed the new history viewer
          bb-hist.sh as a CGI program.
Summary:  Exploiting the problem could allow the partial
          display of local files provided they are readable
          by your web server, and text-based.
Fix:      Please pick up a new version of the bb-hist.sh file
          at: http://maclawran.ca/bb-dnld/bb-hist.sh
Found by: Michael Smith <michael@csuite.ns.ca>  Thanks Michael.

I've also updated the archive to be 1.09d (this is the only
change).
--
Sean MacGuire, Reality Engineer sean@MacLawran.ca
The Big Brother Ministry of Truth http://maclawran.ca/sean
icbm --> 45'31.06N-73'35.19W +1 514 982 9688
"Looking down the barrel of another day"
--------------End of forwarded message-------------------------