Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0639

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0639
Last Modified 10 Sep 2008 03:05:31
Published 11 Jun 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0639

Summary

The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.

Vulnerable Systems

Application

  • Sean Macguire Big Brother 1.0

  • Sean Macguire Big Brother 1.09b

  • Sean Macguire Big Brother 1.09c

  • Sean Macguire Big Brother 1.09d

  • Sean Macguire Big Brother 1.1

  • Sean Macguire Big Brother 1.2

  • Sean Macguire Big Brother 1.3

  • Sean Macguire Big Brother 1.3b

  • Sean Macguire Big Brother 1.4

  • Sean Macguire Big Brother 1.4g

  • Sean Macguire Big Brother 1.4h

  • Sean Macguire Big Brother 1.4h1


References

BUGTRAQ - 20000711 Big Brother filename extension vulnerability

BID - 1494

XF - big-brother-filename-extension

OSVDB - 1472


Last Updated: 27 May 2016 10:35:48