Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Adminware, Control Panels :: bb4.htm

Big Brother CGI scripts prior to v1.5d3 - Read sensistive files

    Big Brother


    All installed BB CGI scripts prior to v1.5d3


    Loki found  following.   Big Brother  is designed  to let anyone -
    from omniscient Sys Admins,  to Pointy-Headed Bosses, see  how the
    network  is  doing  in  near  real-time,  from  any  web  browser,

    Vulnerabilities exists such that someone can identify if sensitive
    files exists  and determine  user ids  on the  BBDISPLAY server(s)
    and use those to launch a password brute-force attack.  e.g.*

    Utilizing this information, we are able to then validate not  only
    if  sensitive  files  exist  on  the  system, but also, valid user
    accounts for a further brute-force attack on the system.


    Patch details:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH