VID 23122
Severity 40
Port 617
Protocol TCP
Class Arkea-Agent
Detailed Description The Arkeia Network Backup agent is vulnerable to remote unauthorized access.
Knox Software Arkeia Network Backup agent is an agent system designed to perform backups remotely. This agent service is installed by both the Arkeia client and server software. Arkeia Network Backup agent versions 4.0 through 5.3 contain a default account. By using this account, a remote attacker could connect to the affected service and initiate backup and restore requests, allowing them to read and write arbitrary files on the affected system with the privileges of the arkeia daemon (usually root).

* References:
http://securityfocus.com/archive/1/391000
http://metasploit.com/research/arkeia_agent/
http://www.securiteam.com/securitynews/5IP0P0AEUA.html

* Platforms Affected:
Knox Software Arkeia Network Backup Client 4.0
Knox Software Arkeia Network Backup Client 4.1
Knox Software Arkeia Network Backup Client 4.2
Knox Software Arkeia Network Backup Client 5.2
Knox Software Arkeia Network Backup Client 5.3
Any operating system, any version
Recommendation No upgrade or patch available as of June 2014.

As a workaround, restrict access (TCP port 617) to trusted hosts only.
Related URL (CVE)
Related URL 12600 (SecurityFocus)
Related URL (ISS)