Quest Big Brother Remote File Overwrite

Added: 06/14/2011
BID: 47805
OSVDB: 72347

Background

Quest Big Brother is server monitoring package.

Problem

The 'bbntd.exe' service of the Big Brother server version 4.40 and prior does not properly sanitize user requests and may allow an attacker to upload files using a directory traversal vulnerability.

Resolution

At this time no patch is available. Restrict access to TCP port 1984 of the Big Brother service to trusted servers only.

References

http://aluigi.altervista.org/adv/bbntd_2-adv.txt
http://secunia.com/advisories/44555/

Limitations

This exploit has been tested against Quest Software Big Brother Professional Edition Windows Server 4.4 on Windows Server 2003 SP2 English (DEP OptOut). The exploit will leave the following file on the system C:\docume~1\alluse~1\startm~1\programs\startup\exploit.js. This file should be manually removed after successful exploitation. Exploitation will not occur until after the server has been rebooted and an admin logs in.

Platforms

Windows

Back to exploit index