| VID |
23123 |
| Severity |
40 |
| Port |
617 |
| Protocol |
TCP |
| Class |
Arkea-Agent |
| Detailed Description |
The Arkea Network Backup agent, according to its version number, is vulnerable to buffer overflow vulnerability. Knox Software Arkea Network Backup agent is an agent system designed to remotely perform backups. An agent service is installed by both the Arkeia client and server software. Arkeia Network Backup agent versions prior to 5.3.4 are vulnerable to a stack-based buffer overflow vulnerability in the processing of a type 77 request. A remote attacker could exploit this flaw to execute arbitrary code on the affected host with the privileges of the arkeia daemon (usually root).
* Note: This check solely relied on the version number of the remote Arkea Agent service to assess this vulnerability, so this might be a false positive.
* References:
http://securityfocus.com/archive/1/390936
http://securityfocus.com/archive/1/391002
http://metasploit.com/projects/Framework/exploits.html
* Platforms Affected:
Knox Software Arkeia Network Backup agent versions prior to 5.3.4
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Arkeia Backup software (5.3.5, 5.2.28, 5.1.21 or later), available from the Arkeia Backup Download Web site at http://www.knox-software.com/download/asb/?rlink=1 |
| Related URL |
CVE-2005-0491,CVE-2005-0492 (CVE) |
| Related URL |
12594 (SecurityFocus) |
| Related URL |
19398 (ISS) |
|
