GEN:SID | 1:894 |
Message | WEB-CGI bb-hist.sh access |
Summary | This event is generated when an attempt is made to display historical information from a Big Brother system monitor host.
|
Impact | Information Disclosure.
|
Detailed Information | Big Brother is a monitoring system used by many organisations. It records both current and historical information about monitored hosts on a network. Access to the system status is via a series of web pages and CGI scripts. Versions 1.09b and 1.09c contained a bug in bb-hist.sh that could be made to display files accessible to the user account under which the CGI script runs.
|
Affected Systems | |
Attack Scenarios | A malicious user could use this vulnerability to gain more information about the Big Brother host.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to a later version of Big Brother, at least 1.09d.
|
Additional References | url,http://bb4.com/ cve,CAN-1999-1462
|
Rule References | bugtraq: 142
cve: 1999-1462
nessus: 10025
|