lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: aviram at (Aviram Jenik)
Subject: BearShare Directory Traversal Issue Resurfaces

  BearShare Directory Traversal Issue Resurfaces

Article reference:


A while back BearShare 2.2.2 was  
<> reported to
have a directory traversal vulnerability in it. This issue was fixed by
the company, now a different variant of the same issue seems to have
resurfaced, allowing a remote attacker to view any file he desires by
issuing a specially crafted HTTP request.

Despite a correction attempt in part of the vendor, the updated version
is still vulnerable.


Vulnerable systems:
 * BearShare version 4.0.5
 * BearShare version 4.0.6 (second variant)

Vendor response:
"The fix for the directory traversal issue you reported to us has been
released as part of BearShare 4.0.6. All users will be notified by the
application itself that a new version is available."

Users that do not upgrade are recommend to deactivate the built in
personal web server by choosing Setup->Uploads and un-checking the
"Activate the built in personal web server" check box.

Example (first variant):
Issuing the following request:

Would translate into:\..\..\..\windows\win.ini

Returning the win.ini file.

Second variant:
Following the release of BearShare version 4.0.6, Gluck has informed us
that this version is still vulnerable to a simple variant of the attack
which indicates bearshare has not done a good job of fixing the problem.
This time issuing the following request would work:

The information has been provided by  <>
and  <> Mario Solares.

Aviram Jenik
Beyond Security Ltd.

Know that you're safe:

Powered by blists - more mailing lists