Reported October 4, 2002, by SecuriTeam.
· BearShare 4.0.6 and 4.0.5
A directory traversal vulnerability exists in the file-sharing program BearShare. This vulnerability stems from a flaw in the personal Web-server portion of BearShare, which could let an attacker view any file on the vulnerable system by issuing a specially crafted HTTP request.
The discoverer posted the following demonstration as proof of concept:
issuing the following request,
would return the contents of the win.ini file.
The vendor, Free Peers, has released version 4.0.6 to address the traversal issue described above, but the software is still vulnerable if an attacker uses an HTTP request such as
http://127.0.0.1:6346/%5c..%5c..%5c..%5cwindows%5cwin%2eini. Free Peers has not yet addressed this second variant of the same problem.