Lucene search

SAINT CorporationSAINT:05593FB079C822BBE24BCF28680F4CD5

HistoryJan 24, 2006 - 12:00 a.m.

Arkeia Type 77 Request buffer overflow

2006-01-2400:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.6 Medium

EPSS

Percentile

97.8%

JSON

Added: 01/24/2006
CVE: CVE-2005-0491
BID: 12594
OSVDB: 14011

Background

The Arkeia network backup software includes a daemon program called **arkeiad** which listens for connections on TCP port 617.

Problem

A buffer overflow in the processing of type 77 requests sent to the **arkeiad** listener allows remote attackers to execute commands.

Resolution

Upgrade to Arkeia stable version 5.3.5 or higher.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0487.html>

Limitations

Exploit works on Arkeia Network Backup Client 5.2.27.

Platforms

Windows
Linux

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.6 Medium

EPSS

Percentile

97.8%

JSON

Related for SAINT:05593FB079C822BBE24BCF28680F4CD5