• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Anaconda Foundation Directory Traversal Vulnerability

Severity: HIGH

Description:

Anaconda Foundation Directory is an application which facilitates the integration of the Open Directory Project, which is a comprehensive directory listing maintained by a team of volunteers. Usage of the Open Directory Project is free under certain conditions. Search engines such as Lycos and Google utilize the Open Directory Project. Anaconda serves as a search engine front end to Open Directory Project listings and can be seamlessly integrated into an existing website.

A directory traversal vulnerability exists which allows a remote user to gain unauthorized access to arbitrary files on a filesystem Anaconda Foundation Directory resides on.

The file 'apexec.pl' located in the cgi-bin will grant access to arbitrary files when used in conjunction with the variable 'template'. 'apexec.pl' will parse the output following the 'template' variable within the security context of the http daemon, regardless of the privilege level of the user requesting the string.

Unauthorized remote users may traverse the filesystem by utilizing the common directory traversal double dot '../' technique. Anaconda will perform checks for permissible filename extensions such as .html and .htm, although this mechanism can be bypassed by appending a null byte '%00' followed by the html extension to the desired filename. Therefore, a user may gain access to arbitrary files by performing a malicious URL request.

This attack may lead to the disclosure of sensitive information and may aid in the assistance of other attacks.

Update: It was originally believed that this issue does not affect Anaconda Foundation Directory versions 1.5 and subsequent. New information suggests that newer versions of the script are still vulnerable to this issue.

Affected Products:

• Anaconda Foundation Directory 1.4.0
• Anaconda Foundation Directory 1.5.0
• Anaconda Foundation Directory 1.6.0
• Anaconda Foundation Directory 1.7.0
• Anaconda Foundation Directory 1.9.0

References:

• Anaconda: Foundation Directory Product Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.