The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
2000-06-11T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sean_macguire | big_brother | 1.0 | Yes |
| Application | sean_macguire | big_brother | 1.1 | Yes |
| Application | sean_macguire | big_brother | 1.2 | Yes |
| Application | sean_macguire | big_brother | 1.3 | Yes |
| Application | sean_macguire | big_brother | 1.3b | Yes |
| Application | sean_macguire | big_brother | 1.4 | Yes |
| Application | sean_macguire | big_brother | 1.4g | Yes |
| Application | sean_macguire | big_brother | 1.4h | Yes |
| Application | sean_macguire | big_brother | 1.4h1 | Yes |
| Application | sean_macguire | big_brother | 1.09b | Yes |
| Application | sean_macguire | big_brother | 1.09c | Yes |
| Application | sean_macguire | big_brother | 1.09d | Yes |