Fw: Security Alert: Big Brother exploit

From: Michael Hembo (none@hembo--micron.dk.lh.bsd-dk.dk)
Date: Fri 05 May 2000 - 06:25:22 CEST



-----Original Message-----
From: Sean MacGuire <none@sean--bb4.com.lh.bsd-dk.dk>
To: bb-announce@bb4.com <none@bb-announce--bb4.com.lh.bsd-dk.dk>
Date: 5 May 2000 04:10
Subject: Security Alert: Big Brother exploit

>[Priority notice to BB registered users - distribute internally]
>
>This notice concerns the Big Brother System and Network Monitor
>which our records indicate you downloaded. We wanted to let
>you know of a security problem that was brought to our attention.
>
>We will be notifying Bugtraq and Freshmeat shortly, but since
>you were good enough to register, you get this advance notice.
>
>If you have any questions or concerns, feel free to contact me
>directly at mailto:sean@bb4.com. Sorry for any inconvenience.
>
>
> ===========================
> Big Brother Security Notice
> ===========================
>
>Versions: All prior to 1.4d
>
>Module: bbd.c (the bb server: BBDISPLAY/BBPAGER)
>
>Affects: All BBDISPLAY/BBPAGER machines (running bbd)
>
>Summary: Exploitable buffer overflow in bbd.c could allow
> arbitrary commands to be executed with the same
> userid/permissions as the user running bbd.
>
>Fix: Download and install version 1.4d from http://bb4.com
>
> or
>
> Make sure MAXLINE and MAXBUF are the same...
> Edit bb.h and change
> #define MAXLINE 2048
> to
> #define MAXLINE 4096
> recompile (make) reinstall (make install) and
> restart BB (./runbb.sh restart).
>
>Note: BB should not be run as root!
>
>Found by: jpalardy@paranoia.pgci.ca, thanks!
>--
>Sean MacGuire, Reality Engineer sean@bb4.com
>The Big Brother Ministry of Truth http://bb4.com
>icbm --> 45'31.06N-73'35.19W +1 514 996 4638
> "Looking down the barrel of another day"
>
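
The workaround in the advisory (making MAXLINE equal to MAXBUF) suggests a size mismatch between two buffers. The following is an added example, not part of the advisory and not code from bbd.c: it assumes a pattern in which a MAXBUF-sized receive buffer is copied into a MAXLINE-sized line buffer, and shows a bounded copy that stays safe even if the constants drift apart again. Only MAXLINE, MAXBUF and the values 2048/4096 come from the advisory; all function names are hypothetical.

```c
/* Added illustration, NOT Big Brother source. Only the names MAXLINE and
 * MAXBUF and the values 2048/4096 come from the advisory; every other
 * identifier here is hypothetical. */
#include <stdio.h>
#include <string.h>

#define MAXBUF  4096  /* receive-buffer size (assumed, implied by the fix) */
#define MAXLINE 2048  /* bb.h value before the fix */

/* 1 if an unchecked strcpy() of an n-byte string into a buffer of
 * linesz bytes would write past its end (n bytes plus the NUL). */
int unchecked_copy_would_overflow(size_t n, size_t linesz)
{
    return n + 1 > linesz;
}

/* Bounded copy: destination size is explicit, so it is safe whether or
 * not the two constants agree. Returns bytes stored, or -1 if too long. */
int copy_msg(char *dst, size_t dstsz, const char *src, size_t srclen)
{
    if (dstsz == 0 || srclen >= dstsz)
        return -1;            /* reject rather than truncate silently */
    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return (int)srclen;
}

/* Constructed input: an n-byte message sitting in a MAXBUF-sized network
 * buffer is handed to a MAXLINE-sized line buffer via copy_msg(). */
int handle_message(size_t n)
{
    char netbuf[MAXBUF];
    char line[MAXLINE];

    if (n >= sizeof netbuf)
        n = sizeof netbuf - 1;
    memset(netbuf, 'A', n);
    netbuf[n] = '\0';
    return copy_msg(line, sizeof line, netbuf, n);
}

int main(void)
{
    printf("3000 bytes, MAXLINE 2048: overflow=%d\n", unchecked_copy_would_overflow(3000, 2048));
    printf("3000 bytes, MAXLINE 4096: overflow=%d\n", unchecked_copy_would_overflow(3000, 4096));
    printf("bounded copy of 3000 bytes returns %d\n", handle_message(3000));
    return 0;
}
```

Raising MAXLINE to 4096 removes the gap between the two sizes; passing the destination size to every copy keeps the code safe if either constant is changed later.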


