---------- Forwarded message ----------
Date: Thu, 04 May 2000 19:42:57 -0400
From: Sean MacGuire <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Security Alert: Big Brother exploit

[Priority notice to BB registered users - distribute internally]

This notice concerns the Big Brother System and Network Monitor
which our records indicate you downloaded.  We wanted to let
you know of a security problem that was brought to our attention.

We will be notifying Bugtraq and Freshmeat shortly, but since
you were good enough to register, you get this advance notice.

If you have any questions or concerns, feel free to contact me
directly at mailto:[EMAIL PROTECTED].  Sorry for any inconvenience.


                ===========================
                Big Brother Security Notice
                ===========================

Versions: All prior to 1.4d

Module:   bbd.c  (the bb server: BBDISPLAY/BBPAGER)

Affects:  All BBDISPLAY/BBPAGER machines (running bbd)

Summary:  Exploitable buffer overflow in bbd.c could allow
          arbitrary commands to be executed with the same
          userid/permissions as the user running bbd.

Fix:      Download and install version 1.4d from http://bb4.com

          or 

          Make sure MAXLINE and MAXBUF are the same...
          Edit bb.h and change 
                #define MAXLINE 2048
          to 
                #define MAXLINE 4096 
          recompile (make) reinstall (make install) and
          restart BB (./runbb.sh restart).

Note:     BB should not be run as root!
          
Found by: [EMAIL PROTECTED], thanks!
-- 
Sean MacGuire, Reality Engineer                    [EMAIL PROTECTED]
The Big Brother Ministry of Truth                http://bb4.com
icbm --> 45'31.06N-73'35.19W                    +1 514 996 4638
              "Looking down the barrel of another day"





--------------------------------------------------------------------------
Utk berhenti langganan, kirim email ke [EMAIL PROTECTED]
Informasi arsip di http://www.linux.or.id/milis.php3
Pengelola dapat dihubungi lewat [EMAIL PROTECTED]


Kirim email ke