chopper used our newssubmit to tell us:
BearShare is a Windows file sharing program from Free Peers, Inc. that lets you, your friends, and everyone in the world share files. A serious security vulnerability in the product allows remote attackers to download any file on the local disk, even if it hasn't been added to the shared list. |
Vulnerable systems:
BearShare 2.2.2 and prior (Windows 95/98/ME) with its Web Site feature enabled
Ah is this why there is on the Bearshare news:
4/1/01: Older BearShare servents are correctly dropped even before the 14th of the month.
Be sure to check if you have the latest version just in case! Download new ones here: http://www.bearshare.com/download.htm. Also we heard the program is spyware (it contacts the internet without your permission?)... Could anyone test this or provide us with some prove?
Source: Newssubmit