---------- Forwarded message ---------- Date: Thu, 04 May 2000 19:42:57 -0400 From: Sean MacGuire <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Security Alert: Big Brother exploit [Priority notice to BB registered users - distribute internally] This notice concerns the Big Brother System and Network Monitor which our records indicate you downloaded. We wanted to let you know of a security problem that was brought to our attention. We will be notifying Bugtraq and Freshmeat shortly, but since you were good enough to register, you get this advance notice. If you have any questions or concerns, feel free to contact me directly at mailto:[EMAIL PROTECTED]. Sorry for any inconvenience. =========================== Big Brother Security Notice =========================== Versions: All prior to 1.4d Module: bbd.c (the bb server: BBDISPLAY/BBPAGER) Affects: All BBDISPLAY/BBPAGER machines (running bbd) Summary: Exploitable buffer overflow in bbd.c could allow arbitrary commands to be executed with the same userid/permissions as the user running bbd. Fix: Download and install version 1.4d from http://bb4.com or Make sure MAXLINE and MAXBUF are the same... Edit bb.h and change #define MAXLINE 2048 to #define MAXLINE 4096 recompile (make) reinstall (make install) and restart BB (./runbb.sh restart). Note: BB should not be run as root! Found by: [EMAIL PROTECTED], thanks! -- Sean MacGuire, Reality Engineer [EMAIL PROTECTED] The Big Brother Ministry of Truth http://bb4.com icbm --> 45'31.06N-73'35.19W +1 514 996 4638 "Looking down the barrel of another day" -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]