Free Peers BearShare Directory Traversal Vulnerability

Free Peers Inc. BearShare is a Windows-based file-sharing utility.

Under certain configurations and platforms, versions of BearShare are prone to directory-traversal attacks.

Although the product's website feature filters '/../' sequences (which are commonly effective in traversal attacks), an attacker could construct a path expression that bypasses this input validation.

As a result, BearShare's website feature, if enabled, can permit a remote attacker to traverse the webserver's directory structure and request files from outside the web root.

Note that this vulnerability does not appear to affect Windows 2000 installations of BearShare.
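
The following is an added example, not code from the advisory or from BearShare. It contrasts a '/../' substring filter of the kind described above with a check that decodes and canonicalizes the request path, then verifies it still lies under the web root. The web root `C:\share\www`, the function names and the sample request paths are assumptions constructed for illustration; the advisory does not give the actual bypass expression.

```python
import ntpath
from urllib.parse import unquote

# Hypothetical web root, constructed for this example (not from the advisory).
WEB_ROOT = r"C:\share\www"


def naive_filter_allows(url_path):
    """Blacklist of the kind the advisory describes: reject the literal '/../'."""
    return "/../" not in url_path


def resolve_inside_root(url_path, root=WEB_ROOT):
    """Map a request path to a Windows file path, or None if it leaves root."""
    decoded = unquote(url_path)          # decode once, before any check
    if "\x00" in decoded or ":" in decoded:
        return None                      # NUL bytes, drive letters, NTFS streams
    rel = decoded.lstrip("/\\")          # the request never supplies an absolute path
    # normpath treats '/' and '\' alike and collapses '.' and '..' segments.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, rel)))
    base = ntpath.normcase(ntpath.normpath(root))
    if candidate == base or candidate.startswith(base + "\\"):
        return candidate
    return None


# Constructed request paths; none is taken from the advisory.
SAMPLES = [
    "/index.html",
    "/docs/../index.html",
    "/../outside.txt",
    "/..\\outside.txt",
    "/%2e%2e%5coutside.txt",
]


def compare(samples=SAMPLES):
    """Return (path, naive verdict, canonical verdict) for each sample."""
    return [(p, naive_filter_allows(p), resolve_inside_root(p) is not None)
            for p in samples]


if __name__ == "__main__":
    for path, naive, canonical in compare():
        print(f"{path!r:28} naive={naive!s:5} canonical={canonical}")
```

The substring filter and the canonical check disagree in both directions: the filter blocks a harmless path that stays inside the root, and passes paths that resolve outside it once separators and encoding are normalized.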


 

Copyright 2010, SecurityFocus