Knox Arkeia Network Backup Agent Remote Unauthorized Access Vulnerability
BID:12600
Info
Knox Arkeia Network Backup Agent Remote Unauthorized Access Vulnerability
| Bugtraq ID: | 12600 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2005 12:00AM |
| Updated: | Feb 21 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to H.D. Moore. |
| Vulnerable: |
Knox Software Arkeia 5.3 Knox Software Arkeia 5.2 Knox Software Arkeia 4.2 Knox Software Arkeia 4.1 Knox Software Arkeia 4.0 |
| Not Vulnerable: | |
Discussion
Knox Arkeia Network Backup Agent Remote Unauthorized Access Vulnerability
Knox Arkeia Network Backup is reported prone to a remote unauthorized access vulnerability.
It is reported that an agent service is installed by both the Arkeia client and server software.
Reports indicate that authentication is not required in order to connect to the affected agent software. A remote attacker may connect to the affected service to initiate backup and restore requests in order to read and write arbitrary files.
Knox Arkeia Network Backup is reported prone to a remote unauthorized access vulnerability.
It is reported that an agent service is installed by both the Arkeia client and server software.
Reports indicate that authentication is not required in order to connect to the affected agent software. A remote attacker may connect to the affected service to initiate backup and restore requests in order to read and write arbitrary files.
Exploit / POC
Knox Arkeia Network Backup Agent Remote Unauthorized Access Vulnerability
Exploit code to read arbitrary files (arkeia_agent_access.pm) as part of the Metasploit Framework project has been released.
Exploit code to read arbitrary files (arkeia_agent_access.pm) as part of the Metasploit Framework project has been released.
Solution / Fix
Knox Arkeia Network Backup Agent Remote Unauthorized Access Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Knox Arkeia Network Backup Agent Remote Unauthorized Access Vulnerability
References:
References:
- Arkeia Agent (H D Moore)
- Knox Software Home Page (Knox Software)
- Arkeia Network Backup Client Remote Access (H D Moore