Big Brother Arbitrary Shell Command Execution Vulnerability

A vulnerability exists in versions of the Big Brother network monitor server prior to v1.5c2. Due to improper filtering of '&' characters from user supplied input in the affected versions, it is possible for arbitrary shell commands to be run by the userid of the bbd server. As a result, a remote attacker may be able to gain local access to the host running Big Brother server.


 

Privacy Statement
Copyright 2010, SecurityFocus