Arkeia Type 77 Request buffer overflow

2006-01-24T00:00:00
ID: SAINT:504F3CE3B3863242033791F8E90C1EEC
Type: saint
Reporter: SAINT Corporation
Modified: 2006-01-24T00:00:00

Description

Added: 01/24/2006
CVE: CVE-2005-0491
BID: 12594
OSVDB: 14011

Background

The Arkeia network backup software includes a daemon program called **arkeiad** which listens for connections on TCP port 617.

Problem

A buffer overflow in the processing of type 77 requests sent to the **arkeiad** listener allows remote attackers to execute commands.

Resolution

Upgrade to Arkeia stable version 5.3.5 or higher.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0487.html>

Limitations

The exploit works on Arkeia Network Backup Client 5.2.27.

Platforms

Windows
Linux