[NT] BearShare Directory Traversal Issue Resurfaces

From: support@securiteam.com
Date: 10/03/02


From: support@securiteam.com
To: list@securiteam.com
Date: Thu,  3 Oct 2002 21:03:13 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  BearShare Directory Traversal Issue Resurfaces
------------------------------------------------------------------------

SUMMARY

BearShare 2.2.2 was previously reported
(http://www.securiteam.com/windowsntfocus/5SP0P2K40U.html) to have a
directory traversal vulnerability. The company fixed that issue; now a
different variant of the same problem has resurfaced, allowing a remote
attacker to read any file readable by the BearShare process by issuing a
specially crafted HTTP request to its built-in web server.

Despite a correction attempt on the part of the vendor, the updated version
(4.0.6) is still vulnerable.

DETAILS

Vulnerable systems:
 * BearShare version 4.0.5
 * BearShare version 4.0.6 (second variant)

Vendor response:
"The fix for the directory traversal issue you reported to us has been
released as part of BearShare 4.0.6. All users will be notified by the
application itself that a new version is available."

Workaround:
Users that do not upgrade are recommended to deactivate the built-in
personal web server by choosing Setup->Uploads and un-checking the
"Activate the built in personal web server" check box. With the web server
off, the traversal requests below have nothing to talk to.

Example (first variant):
Issuing the following request (%5c is the URL-encoded backslash):

http://127.0.0.1:6346/%5c..%5c..%5c..%5cwindows%5cwin.ini

is decoded by the server into:

http://127.0.0.1:6346/\..\..\..\windows\win.ini

and returns the contents of win.ini.

Second variant:
Following the release of BearShare version 4.0.6, Gluck has informed us
that this version is still vulnerable to a simple variant of the attack,
which indicates that the fix was incomplete. This time the following
request works:

http://127.0.0.1:6346/%5c..%5c..%5c..%5cwindows%5cwin%2eini

The only difference from the first request is that the period in win.ini
is URL-encoded (%2e). That such a small change gets through suggests the
check added in 4.0.6 inspects the raw request rather than the decoded and
canonicalized path. A complete fix has to decode the path once, normalize
it, and then verify that the result lies inside the shared directory,
instead of looking for particular characters in the request line.
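
The following is an added illustration of the two ways of handling such a
request; it is example code written for this page, not BearShare's code,
and nothing in the advisory says what check 4.0.6 actually added. It
contrasts a hypothetical resolver that filters the raw request line before
percent-decoding (the class of mistake consistent with an encoding-only
variant getting through) with a hardened resolver that decodes once,
normalizes, and checks containment. The share root is an assumption, the
two advisory requests are copied as-is, and the third request generalizes
the advisory's trick by encoding the dots of the ".." components rather
than the period in the file name.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical share root: the advisory does not say where BearShare keeps
# its shared files, so this path is an assumption of the example.
SHARE_ROOT = "/srv/bearshare/shared"

# Requests copied from the advisory (path part of the URL only).
ADVISORY_REQ_1 = "/%5c..%5c..%5c..%5cwindows%5cwin.ini"
ADVISORY_REQ_2 = "/%5c..%5c..%5c..%5cwindows%5cwin%2eini"
# Constructed generalisation: the dots of the ".." components are encoded,
# not the period in the file name as in the advisory's second variant.
ENCODED_DOTS_REQ = "/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini"


def _to_posix(path):
    # Windows accepts "\" and "/" interchangeably, so treat both as separators.
    return path.replace("\\", "/")


def resolve_check_before_decode(request_path):
    """Flawed resolver (hypothetical, NOT BearShare's code): the traversal
    check runs on the raw request line and percent-decoding happens after
    it, so any encoding of the filtered characters slips straight through.
    It also rejects harmless names that merely contain ".."."""
    if ".." in request_path:
        return None
    decoded = _to_posix(unquote(request_path))
    return posixpath.normpath(posixpath.join(SHARE_ROOT, decoded.lstrip("/")))


def resolve_safe(request_path):
    """Hardened resolver: decode exactly once, refuse anything that still
    looks encoded, normalise separators and ".." components, then accept
    the result only if the canonical path stays inside SHARE_ROOT."""
    path = request_path.split("?", 1)[0]          # drop any query string
    decoded = unquote(path)                        # single decoding pass
    if "%" in decoded or "\x00" in decoded:        # double encoding or NUL
        return None
    rel = _to_posix(decoded).lstrip("/")
    full = posixpath.normpath(posixpath.join(SHARE_ROOT, rel))
    # Containment check on the canonical path, not a pattern match on input.
    if full != SHARE_ROOT and not full.startswith(SHARE_ROOT + "/"):
        return None
    return full


if __name__ == "__main__":
    for req in (ADVISORY_REQ_1, ADVISORY_REQ_2, ENCODED_DOTS_REQ,
                "/music/song.mp3", "/foo..bar.mp3"):
        print(f"{req}\n  raw-filter: {resolve_check_before_decode(req)}"
              f"\n  hardened:   {resolve_safe(req)}")
```

Run stand-alone, the raw-filter resolver blocks both advisory requests (they
contain a literal ".."), lets the encoded-dots request escape to
/windows/win.ini, and wrongly refuses the harmless /foo..bar.mp3; the
hardened resolver rejects all three traversal attempts and serves the two
benign names. posixpath is used so the behaviour is the same on any OS; in a
real server on Windows you would additionally resolve the result with
os.path.realpath (to follow symlinks and junctions) and reject a relative
part that is itself absolute (drive letter or UNC prefix) before joining it.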

ADDITIONAL INFORMATION

The information has been provided by <mailto:gluck@securedream.net> Gluck
and <mailto:mario@freepeers.com> Mario Solares.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
