If you have any questions or concerns, feel free to contact me
directly at sean@bb4.com. Sorry for any inconvenience.
===========================
Big Brother Security Notice
===========================
Versions: All prior to 1.4d
Module: bbd.c (the bb server: BBDISPLAY/BBPAGER)
Affects: All BBDISPLAY/BBPAGER machines (running bbd)
Summary: Exploitable buffer overflow in bbd.c could allow
         arbitrary commands to be executed with the same
         userid/permissions as the user running bbd.
Fix: Download and install version 1.4d from http://bb4.com/
     or
     Make sure MAXLINE and MAXBUF are the same...
     Edit bb.h and change
         #define MAXLINE 2048
     to
         #define MAXLINE 4096
     recompile (make) reinstall (make install) and
     restart BB (./runbb.sh restart).
Note: BB should not be run as root!
Found by: jpalardy@paranoia.pgci.ca, thanks!
--
Sean MacGuire, Reality Engineer sean@bb4.com
The Big Brother Ministry of Truth http://bb4.com/
icbm 45'31.06N-73'35.19W +1 514 996 4638
"Looking down the barrel of another day"
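
The manual fix above depends on MAXLINE and MAXBUF ending up equal, so the following added example (not part of the original notice or of the Big Brother source) checks that before a rebuild. The function names are hypothetical, it assumes both constants are plain integer `#define` lines in the header files you pass in, and the sample headers in `demo` are constructed.

```shell
#!/bin/sh
# Added example: verify that MAXLINE and MAXBUF agree before rebuilding bbd.
# Assumption: both are plain "#define NAME <integer>" lines in the header
# files passed as arguments (the notice itself only names bb.h for MAXLINE).

# define_value NAME FILE...: print the integer from the last matching #define
define_value() {
    name=$1; shift
    awk -v n="$name" '
        $1 == "#define" && $2 == n && $3 ~ /^[0-9]+$/ { v = $3 }
        $1 == "#" && $2 == "define" && $3 == n && $4 ~ /^[0-9]+$/ { v = $4 }
        END { if (v != "") print v }
    ' "$@"
}

# check_bb_buffers FILE...: 0 = sizes match, 1 = mismatch, 2 = not found
check_bb_buffers() {
    [ $# -gt 0 ] || { echo "usage: check_bb_buffers HEADER..." >&2; return 2; }
    maxline=$(define_value MAXLINE "$@")
    maxbuf=$(define_value MAXBUF "$@")
    if [ -z "$maxline" ] || [ -z "$maxbuf" ]; then
        echo "MAXLINE and/or MAXBUF not found in: $*" >&2
        return 2
    fi
    if [ "$maxline" -ne "$maxbuf" ]; then
        echo "MISMATCH: MAXLINE=$maxline MAXBUF=$maxbuf" >&2
        return 1
    fi
    echo "ok: MAXLINE=MAXBUF=$maxline"
}

# Demo on constructed headers (not the real bb.h): before and after the edit.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '#define MAXLINE 2048\n#define MAXBUF 4096\n' > "$tmp/before.h"
    printf '#define MAXLINE 4096\n#define MAXBUF 4096\n' > "$tmp/after.h"
    check_bb_buffers "$tmp/before.h"; before=$?
    check_bb_buffers "$tmp/after.h";  after=$?
    rm -rf "$tmp"
    echo "before edit: rc=$before, after edit: rc=$after"
}
demo
```

Against a real tree, call `check_bb_buffers` with bb.h and any other header that defines MAXBUF; a non-zero return means the sizes still differ or could not be found.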