-----Original Message-----
From: Robert-Andre Croteau [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 18, 2000 2:53 PM
To: [EMAIL PROTECTED]
Subject: Security Notice: Big Brother System and Network Monitor

===========================
Big Brother Security Notice
===========================

Versions: All prior to 1.4g
Module: bbd.c (the bb server: BBDISPLAY/BBPAGER)
Affects: All BBDISPLAY/BBPAGER machines (running bbd)

Summary: Vulnerabilities exist such that arbitrary commands can be executed with the same userid/permissions as the user running bbd.

Fix: Download and install version 1.4g from http://bb4.com

or

If you have a fairly recent version of BB (1.3a+) you may be able to download version 1.4g from http://bb4.com and replace your current bbd.c/bb.h with the ones from the 1.4g archive. Recompile bbd (make) and reinstall (make install). YMMV!

Note: BB should not be run as root!

Particularly vulnerable are the servers that are not protected by firewalls (nothing new!), that do not use the etc/security file and use the enable/disable feature (optional and user compiled-in).

This is a different notice than the one sent out on May 4th 2000.

If you wish to be removed from this list please send mail to [EMAIL PROTECTED]

Some of you may receive multiple due to the fact that you downloaded BB multiple times and entered a different e-mail address each time. Let me know which address is valid and which are not.

Found by: Bryan Deeney <[EMAIL PROTECTED]>, Thanks!

---
Robert-Andre Croteau
BB4 Technologies Inc.
[EMAIL PROTECTED]

--------------------------------------------------------------------------
To unsubscribe, send email to [EMAIL PROTECTED]
Archive information at http://www.linux.or.id/milis.php3
The list administrators can be contacted via [EMAIL PROTECTED]
