COMMAND

    bbd (the bb server: BBDISPLAY/BBPAGER)

SYSTEMS AFFECTED

    All BBDISPLAY/BBPAGER machines (running bbd) prior to 1.4g

PROBLEM

    Following is based on Big Brother Security Notice.   Vulnerability
    exists such that arbitrary commands can be executed with the  same
    userid/permissions as the user running bbd.

    Particularly vulnerable are the servers that are not protected  by
    firewalls (nothing new!) , that  do not use the etc/security  file
    and   use   the   enable/disable   feature   (optional   and  user
    compiled-in).

SOLUTION

    Download and install version 1.4g from

        http://bb4.com

    or if  you have  a fairly  recent version  of BB  (1.3a+) you  may
    be able to download  version 1.4g from http://bb4.com  and replace
    your  current  bbd.c/bb.h  with  the  ones  from the 1.4g archive.
    Recompile bbd (make) and reinstall(make install).

    Note: BB should not be run as root!