Anaconda Double NULL Encoded Remote File Retrieval Network Vulnerability

Summary

The remote Anaconda Foundation Directory contains a flaw that allows anyone to read arbitrary files with root (super-user) privileges, by embedding a double null byte in a URL, as in : http://www.example.com/cgi-bin/apexec.pl?etype=odp&template=../../../../../../..../../etc/passwd%%0000.html&passurl=/category/

Solution

Contact your vendor for updated software.

Severity

Classification

CVE CVE-2000-0975

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IlohaMail Arbitrary File Access via Language Variable
WinTFTP Server Pro Remote Directory Traversal Vulnerability
TFTP file detection (Cisco IOS)
Music Daemon File Disclosure
Web Shopper remote file retrieval

Take action and discover your vulnerabilities