Notice - an exploitable buffer overflow has been reported in the Big Brother server (bbd). If you're running BB, please either update your version or apply the fix enclosed, and run BB as a non-root user!

If you have any questions or concerns, feel free to contact me
directly at mailto:sean@bb4.com. Sorry for any inconvenience.

===========================
Big Brother Security Notice
===========================

Versions: All prior to 1.4d

Module: bbd.c (the bb server: BBDISPLAY/BBPAGER)

Affects: All BBDISPLAY/BBPAGER machines (running bbd)

Summary: Exploitable buffer overflow in bbd.c could allow
arbitrary commands to be executed with the same
userid/permissions as the user running bbd.

Fix: Download and install version 1.4d from http://bb4.com

or

Make sure MAXLINE and MAXBUF are the same...
Edit bb.h and change
    #define MAXLINE 2048
to
    #define MAXLINE 4096
then recompile (make), reinstall (make install) and
restart BB (./runbb.sh restart).

Note: BB should not be run as root!

Found by: jpalardy@paranoia.pgci.ca, thanks!
--
Sean MacGuire, Reality Engineer sean@bb4.com
The Big Brother Ministry of Truth http://bb4.com
icbm 45'31.06N-73'35.19W +1 514 996 4638
"Looking down the barrel of another day"
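
The workaround in the notice closes a size mismatch between MAXLINE and MAXBUF. The following C example is added here and is not code from bbd.c or the Big Brother project: it shows a compile-time guard that keeps the two constants from drifting apart, and a length-checked copy that rejects an oversized message instead of overflowing. The names `copy_line` and `demo` are hypothetical, MAXBUF = 4096 is inferred from the fix, and how bbd.c actually uses these constants is not shown in the notice.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Values from the notice: MAXLINE after the fix, and the MAXBUF value the
   fix implies (assumption: the notice does not print MAXBUF itself). */
#define MAXBUF  4096
#define MAXLINE 4096

/* Break the build if a line buffer can no longer hold a full message. */
_Static_assert(MAXLINE >= MAXBUF, "MAXLINE must be at least MAXBUF");

/* Hypothetical helper: copy one received message into a line buffer.
   Reads at most srcmax bytes of src. Returns the number of bytes copied
   (excluding the NUL), or -1 if the message does not fit in dst. */
int copy_line(char *dst, size_t dstsz, const char *src, size_t srcmax)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    const char *end = memchr(src, '\0', srcmax);
    size_t len = end ? (size_t)(end - src) : srcmax;
    if (len >= dstsz) {          /* would overflow: refuse, leave dst empty */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return (int)len;
}

/* Constructed test input: a message of msglen 'A' bytes held in a
   MAXBUF-sized receive buffer, copied into a line buffer of dstsz bytes. */
int demo(size_t dstsz, size_t msglen)
{
    static char src[MAXBUF], dst[MAXBUF];
    if (dstsz > sizeof dst || msglen >= sizeof src)
        return -2;
    memset(src, 'A', msglen);
    src[msglen] = '\0';
    return copy_line(dst, dstsz, src, sizeof src);
}

int main(void)
{
    printf("2048-byte line buffer, 3000-byte message: %d\n", demo(2048, 3000));
    printf("4096-byte line buffer, 3000-byte message: %d\n", demo(4096, 3000));
    return 0;
}
```

With the pre-fix size of 2048 the 3000-byte message is rejected by the length check; an unchecked copy into the same buffer would write past its end.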