Description
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
Products
- Sean MacGuire Big Brother 1.09b
- Sean MacGuire Big Brother 1.09c
- Sean MacGuire Big Brother 1.09d
- Sean MacGuire Big Brother 1.0
- Sean MacGuire Big Brother 1.1
- Sean MacGuire Big Brother 1.2
- Sean MacGuire Big Brother 1.3
- Sean MacGuire Big Brother 1.3b
- Sean MacGuire Big Brother 1.4
- Sean MacGuire Big Brother 1.4g
- Sean MacGuire Big Brother 1.4h1
- Sean MacGuire Big Brother 1.4h
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2000-0639, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2000-0639 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References