[17143] in bugtraq
Big Brother Systems and Network Monitor vulnerability
daemon@ATHENA.MIT.EDU (Robert-Andre Croteau)
Tue Oct 10 17:28:03 2000
Message-Id: <39E340AA.D80C8227@bb4.com>
Date: Tue, 10 Oct 2000 12:15:38 -0400
Reply-To: Robert-Andre Croteau <robert@BB4.COM>
From: Robert-Andre Croteau <robert@BB4.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
===========================
Big Brother Security Notice
===========================
Date:     October 10th 2000
Issuer:   security@bb4.com
Versions: All prior to 1.5c2
          Later versions have no reported vulnerabilities
          but you should consider upgrading.
Module:   bbd.c (the bb server: BBDISPLAY/BBPAGER)
Affects:  All BBDISPLAY/BBPAGER hosts (those running bbd)
          Clients are *not* affected.
Summary:  Vulnerabilities exist such that
          arbitrary commands can be executed with the same
          userid/permissions as the user running bbd.
Fix:      Download and install the latest version from http://bb4.com
or

versions 1.4g to 1.5c1, in bbd.c:

add this statement

    /*** Read this as backquote dollarsign ***/
    /*** semi-colon ampersand vertical_bar ***/
    /*** backslash backslash ***/
    clean_string(msgbuf,"`$;&|\\");

before this one

    do_bb(msgbuf);

versions prior to 1.4g

add this function in bbd.c

    void clean_string(str,rm_chars)
    char *str;
    char *rm_chars;
    {
        char *tmpstr;

        while( *rm_chars ) {
            while( tmpstr=(char *)strchr(str,*rm_chars) ) {
                *tmpstr = ' ';
            }
            rm_chars++;
        }
    }

and add this statement

    /*** Read this as backquote dollarsign ***/
    /*** semi-colon ampersand vertical_bar ***/
    /*** backslash backslash ***/
    clean_string(msgbuf,"`$;&|\\");

before this statement

    do_bb(msgbuf);

Recompile bbd (make) and reinstall (make install). YMMV!
The clean_string(msgbuf,"`$;&|\\"); statement that removes
the '&' character will disable some display functionality
in BB but it's very minor. Upgrade to the latest version
if you want a full working version.
Note: BB should not be run as root!
Those that compiled in the enable/disable feature
*should* upgrade to the latest version or disable
the enable/disable feature (recompile bbd without
the -DENABLE_DISABLE flag)
Particularly vulnerable are the servers that are not
protected by firewalls (nothing new!), that do not
use the etc/security file and use the enable/disable
feature (optional and user compiled-in) and those that
keep historical logs (default).
Found by: Andrew Dalgleish, Thanks!
---
Robert-Andre Croteau
BB4 Technologies Inc.
security@bb4.com
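
The following is an added example, not code from BB4 or from bbd.c: an ANSI C, single-pass equivalent of the clean_string() fix above that also returns how many characters it blanked, so a daemon can log messages that arrived carrying shell metacharacters. The names clean_string_count, clean_copy and BB_UNSAFE_CHARS are hypothetical, and the sample strings are constructed; the third one shows a '&' being blanked, the side effect the notice mentions.

```c
#include <stdio.h>
#include <string.h>

/* Character set from the advisory: ` $ ; & | \ */
#define BB_UNSAFE_CHARS "`$;&|\\"

/* Single-pass equivalent of the advisory's clean_string(): each byte of
 * str that occurs in rm_chars is overwritten in place with a space.
 * Returning the number of replacements is an addition (assumption), so
 * the caller can log messages that carried shell metacharacters. */
size_t clean_string_count(char *str, const char *rm_chars)
{
    size_t replaced = 0;

    if (str == NULL || rm_chars == NULL)
        return 0;
    for (; *str != '\0'; str++) {
        if (strchr(rm_chars, *str) != NULL) {
            *str = ' ';
            replaced++;
        }
    }
    return replaced;
}

/* Hypothetical helper: clean a copy of msg into out (outlen bytes).
 * Returns the replacement count, or (size_t)-1 if msg does not fit. */
size_t clean_copy(const char *msg, char *out, size_t outlen)
{
    size_t n = strlen(msg);

    if (n >= outlen)
        return (size_t)-1;
    memcpy(out, msg, n + 1);
    return clean_string_count(out, BB_UNSAFE_CHARS);
}

int main(void)
{
    /* Constructed sample inputs, not captured Big Brother traffic. */
    const char *samples[] = { "plain status text", "a`b$c;d&e|f\\g",
                              "status &green ok" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = clean_copy(samples[i], buf, sizeof buf);
        printf("%zu replaced: \"%s\"\n", n, buf);
    }
    return 0;
}
```

A non-zero count on a message from a monitored client is worth logging together with the sender's address, since ordinary clients have little reason to send most of these characters.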