CVE-2000-1177
published 2001-01-09CVE-2000-1177: bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allows remote attackers to determine the…
PriorityP422medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
7.95%
94.0th percentile
bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allows remote attackers to determine the existence of files and user ID's by specifying the target file in the HISTFILE parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bb4 | big_brother_network_monitor | <= 1.5d2 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
BB4 Big Brother Network Monitor 1.5 d2 - 'bb-hist.sh?HISTFILE' File Existence Disclosure
exploitdb·2000-11-20
CVE-2000-1177 BB4 Big Brother Network Monitor 1.5 d2 - 'bb-hist.sh?HISTFILE' File Existence Disclosure
BB4 Big Brother Network Monitor 1.5 d2 - 'bb-hist.sh?HISTFILE' File Existence Disclosure
---
source : https://www.securityfocus.com/bid/1971/info
Big Brother Network Monitor is a robust, feature rich network monitoring package produced by BB4 Technologies. A problem exists that can allow remote account guessing.
The problem occurs in the Common Gateway Interface package included with Big Brother, which runs on the Big Brother Display Server. The CGI is responsible for statistical posting of network operations on the Big Brother Display Server, an interface which is accessible via Web Browser. Due to insufficient handling of input, it is possible to verify the existance of sensitive files and valid user accounts through the the CGI of the Display Server. Yielding this information to a m
Exploit-DB
Netopia R-series Routers 4.6.2 - Modifying SNMP Tables
exploitdb·2000-05-16
CVE-2000-0379 Netopia R-series Routers 4.6.2 - Modifying SNMP Tables
Netopia R-series Routers 4.6.2 - Modifying SNMP Tables
---
source: https://www.securityfocus.com/bid/1177/info
All R-series platforms with firmware between 4.3.8 and 4.6.2 (inclusive) allow users who already have access to the router to modify SNMP tables which they should not be able to access. The router has a command-line mode that is reached by typing control-N after the user has passed the intial login test. At the "#" prompt one can then do most management of the device. This includes the setting of SNMP community strings in spite of the limitation imposed by the administrator.
The following devices are confirmed as vulnerable:
R2020 Dual Analog Router
R3100 ISDN Router
R3100-I ISDL Router
R3100-T IDSL router for Covad
R3232-I IDSL 4-IMUX router
R5100 Serial router
R5200 DDS rou
No writeups or analysis indexed.
2001-01-09
Published