BigIP - bigconf.cgi holes
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

   Date: Sun, 13 Jun 1999  22:18:20
   From: Guy Cohen <guy@CRYPTO.ORG.IL>
     To: BUGTRAQ@SECURITYFOCUS.COM
Subject: BigIP - bigconf.cgi holes
--------------------------------------------------------------------------------


Hello,

For those of you who don't know what BigIP is, it is software
developed by F5 Labs to handle incoming traffic and redirect
it to a server within a group of servers.
It is installed on a BSDI system (maybe others too). Once it has been
installed you can configure it either by using a command line or by
using the html interface (an http server comes with the software).

The html interface basically operates one program, bigconf.cgi, which is
installed suid root. I have not spent much time learning how to exploit this
program, but from the bits I did, I was able to look at _any_ file
on the system simply by giving its name to the cgi program (with appropriate
parameters of course).

The risk here is not from the outside, as the http server is protected
by a password, but from internal users. Less risk, but still ...

F5 has been notified.

--
Guy Cohen.
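The defect described above is the classic one for a privileged CGI that takes a file name from the request: the name is used as-is, so any file the root-owned process can open can be read. The following is an added example of how such a program should confine the name, written by the editor of this archive page; it is not F5's code and not bigconf.cgi, whose parameters the report does not describe. The directory `/var/bigip/conf`, the two file names in the allowlist and the sample requests are all constructed for the illustration.

```python
"""Confining a user-supplied file name to one directory (added illustration).

Not F5's code: the report does not describe bigconf.cgi's parameters, so the
directory and file names below are constructed assumptions.
"""
import os

# Assumed (constructed) directory the configuration CGI is allowed to read from.
CONFIG_ROOT = "/var/bigip/conf"
# Assumed (constructed) allowlist of the only files the web interface needs.
ALLOWED_NAMES = frozenset({"bigip.conf", "bigip_base.conf"})


class RejectedPath(ValueError):
    """Raised when a requested name would read outside the permitted set."""


def resolve_config_file(requested: str, root: str = CONFIG_ROOT) -> str:
    """Map a CGI-supplied name to a canonical path inside `root`, or raise.

    Three independent checks, so that slipping past one is not enough:
      1. reject empty names and embedded NUL bytes (a NUL silently truncates
         the name once it reaches a C open() call);
      2. accept only a bare file name from the allowlist, which removes
         '/', '..' and absolute paths in one step;
      3. resolve symlinks and confirm the canonical path is still under root,
         in case a link has been planted inside the directory.
    """
    if not requested or "\x00" in requested:
        raise RejectedPath("empty name or NUL byte")
    if os.path.basename(requested) != requested:
        raise RejectedPath("directory components are not allowed")
    if requested not in ALLOWED_NAMES:
        raise RejectedPath(f"{requested!r} is not a permitted configuration file")
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, requested))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise RejectedPath("resolved path escapes the configuration directory")
    return candidate


def is_permitted(requested: str, root: str = CONFIG_ROOT) -> bool:
    """Boolean form of the same decision, convenient for audit logging."""
    try:
        resolve_config_file(requested, root)
        return True
    except RejectedPath:
        return False


if __name__ == "__main__":
    # Constructed sample requests of the kind a configuration CGI might receive.
    samples = ["bigip.conf", "bigip_base.conf", "../../etc/passwd",
               "/etc/passwd", "bigip.conf\x00.txt", "", "shadow"]
    for name in samples:
        verdict = "allow" if is_permitted(name) else "reject"
        print(f"{name!r:28} -> {verdict}")
```

The allowlist does most of the work; the canonical-path check is there for the case where the directory itself is writable by someone who can plant a symlink. A suid root program should additionally drop to an unprivileged uid before opening anything, so that even a bypass of these checks reads only what that uid can read.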

