BearShare Directory Traversal Issue Resurfaces

• Previous message: Russ: "Additional info about Opaserv worm"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Thu, 3 Oct 2002 22:12:31 +0200
From: Aviram Jenik <aviram@BEYONDSECURITY.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

  BearShare Directory Traversal Issue Resurfaces
------------------------------------------------------------------------

Article reference:
http://www.securiteam.com/windowsntfocus/6D0010A5PU.html

SUMMARY

A while back BearShare 2.2.2 was
<http://www.securiteam.com/windowsntfocus/5SP0P2K40U.html> reported to
have a directory traversal vulnerability in it. This issue was fixed by
the company, now a different variant of the same issue seems to have
resurfaced, allowing a remote attacker to view any file he desires by
issuing a specially crafted HTTP request.

Despite a correction attempt in part of the vendor, the updated version
is still vulnerable.

DETAILS

Vulnerable systems:
 * BearShare version 4.0.5
 * BearShare version 4.0.6 (second variant)

Vendor response:
"The fix for the directory traversal issue you reported to us has been
released as part of BearShare 4.0.6. All users will be notified by the
application itself that a new version is available."

Workaround:
Users that do not upgrade are recommend to deactivate the built in
personal web server by choosing Setup->Uploads and un-checking the
"Activate the built in personal web server" check box.

Example (first variant):
Issuing the following request:

http://127.0.0.1:6346/%5c..%5c..%5c..%5cwindows%5cwin.ini

Would translate into:
http://127.0.0.1:6346/\..\..\..\windows\win.ini

Returning the win.ini file.

Second variant:
Following the release of BearShare version 4.0.6, Gluck has informed us
that this version is still vulnerable to a simple variant of the attack
which indicates bearshare has not done a good job of fixing the problem.
This time issuing the following request would work:

http://127.0.0.1:6346/%5c..%5c..%5c..%5cwindows%5cwin%2eini

The information has been provided by <mailto:gluck@securedream.net>
Gluck
and <mailto:mario@freepeers.com> Mario Solares.

--
Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
Know that you're safe:
http://www.AutomatedScanning.com

• Previous message: Russ: "Additional info about Opaserv worm"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [NT] BearShare Directory Traversal Issue Resurfaces ... A while back BearShare 2.2.2 was ... have a directory traversal vulnerability in it. ... now a different variant of the same issue seems to have ... "Activate the built in personal web server" check box. ... (Securiteam) BearShare Directory Traversal Issue Resurfaces ... BearShare Directory Traversal Issue Resurfaces ... have a directory traversal vulnerability in it. ... now a different variant of the same issue seems to have ... (Bugtraq) [VulnWatch] BearShare Directory Traversal Issue Resurfaces ... BearShare Directory Traversal Issue Resurfaces ... have a directory traversal vulnerability in it. ... now a different variant of the same issue seems to have ... (VulnWatch) [Full-Disclosure] BearShare Directory Traversal Issue Resurfaces ... BearShare Directory Traversal Issue Resurfaces ... have a directory traversal vulnerability in it. ... now a different variant of the same issue seems to have ... (Full-Disclosure)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint