Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:894 |
Message | WEB-CGI bb-hist.sh access |
Summary | This event is generated when an attempt is made to display historical information from a Big Brother system monitor host. |
Impact | Information Disclosure. |
Detailed Information | Big Brother is a monitoring system used by many organisations. It records both current and historical information about monitored hosts on a network. The system status is accessed through a series of web pages and CGI scripts. Versions 1.09b and 1.09c contained a bug in bb-hist.sh that could be made to display any file accessible to the user under which the CGI script runs. |
Affected Systems | |
Attack Scenarios | A malicious user could use this vulnerability to gain more information about the Big Brother host. |
Ease of Attack | Simple. |
Corrective Action | Upgrade Big Brother to version 1.09d or later. |
Additional References | url,http://bb4.com/ cve,CAN-1999-1462 |
Rule References | bugtraq: 142 cve: 1999-1462 nessus: 10025 |
--
DID:269853