Quest Big Brother Remote File Overwrite

2011-06-14T00:00:00
ID SAINT:CEA1C1B1741CE4C3E3626615DC538224
Type saint
Reporter SAINT Corporation
Modified 2011-06-14T00:00:00

Description

Added: 06/14/2011
BID: 47805
OSVDB: 72347

Background

Quest Big Brother is server monitoring package.

Problem

The 'bbntd.exe' service of the Big Brother server version 4.40 and prior does not properly sanitize user requests and may allow an attacker to upload files using a directory traversal vulnerability.

Resolution

At this time no patch is available. Restrict access to TCP port 1984 of the Big Brother service to trusted servers only.

References

<http://aluigi.altervista.org/adv/bbntd_2-adv.txt>
<http://secunia.com/advisories/44555/>

Limitations

This exploit has been tested against Quest Software Big Brother Professional Edition Windows Server 4.4 on Windows Server 2003 SP2 English (DEP OptOut). The exploit will leave the following file on the system C:\docume~1\alluse~1\startm~1\programs\startup\exploit.js. This file should be manually removed after successful exploitation. Exploitation will not occur until after the server has been rebooted and an admin logs in.

Platforms

Windows