Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0638

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2000-0638
Last Modified 10 Sep 2008 03:05:31
Published 11 Jul 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0638

Summary

bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.

Vulnerable Systems

Application

  • Sean Macguire Big Brother 1.0

  • Sean Macguire Big Brother 1.09b

  • Sean Macguire Big Brother 1.09c

  • Sean Macguire Big Brother 1.09d

  • Sean Macguire Big Brother 1.1

  • Sean Macguire Big Brother 1.2

  • Sean Macguire Big Brother 1.3

  • Sean Macguire Big Brother 1.3b

  • Sean Macguire Big Brother 1.4

  • Sean Macguire Big Brother 1.4g

  • Sean Macguire Big Brother 1.4h

  • Sean Macguire Big Brother 1.4h1


References

XF - http-cgi-bigbrother-bbhostsvc

BID - 1455

CONFIRM - http://bb4.com/README.CHANGES

BUGTRAQ - 20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER

BUGTRAQ - 20000711 BIG BROTHER EXPLOIT


Last Updated: 27 May 2016 10:35:48