BearShare File-Sharing Directory Traversal Vulnerability

Reported October 4, 2002, by SecuriTeam.

VERSION AFFECTED

 

·         BearShare 4.0.6 and 4.0.5

 

DESCRIPTION

 

A directory traversal vulnerability exists in the file-sharing program BearShare. This vulnerability stems from a flaw in the personal Web-server portion of BearShare, which could let an attacker view any file on the vulnerable system by issuing a specially crafted HTTP request.

 

 

DEMONSTRATION

 

The discoverer posted the following demonstration as proof of concept:

 

By issuing the following request,

http://127.0.0.1:6346/%5c..%5c..%5c..%5cwindows%5cwin.ini

 

would return the contents of the win.ini file.

 

 

VENDOR RESPONSE

 

The vendor, Free Peers, has released version 4.0.6 to address the traversal issue described above, but the software is still vulnerable if an attacker uses an HTTP request such as

http://127.0.0.1:6346/%5c..%5c..%5c..%5cwindows%5cwin%2eini. Free Peers has not yet addressed this second variant of the same problem.

 

CREDIT

Discovered by Gluck and Mario Solares.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish