14011 : Arkeia Backup Client Type 77 Request Processing Buffer Remote Overflow
Printer | http://osvdb.org/14011 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
12	2451	about 8 years ago	over 2 years ago	10 times	90%

Timeline

Disclosure Date
2005-02-18

Description

A remote overflow exists in Arkeia Backup Client. The application fails to perform proper bounds checking when processing packets marked as 'type 77' resulting in a buffer overflow. With a specially crafted type 77 request to port 617 (tcp), a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial

Solution

Upgrade to version 5.1.21, 5.2.28, 5.3.5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Restrict access to the service.

Products

Arkeia Corp.	Arkeia Network Backup	5.3.3
		5.2.27
		4.2.x

References

Security Tracker: 1013256
Milw0rm: 102
Exploit Database: 102
Bugtraq ID: 12594
Metasploit ID: 14011
Secunia Advisory ID: 14327
ISS X-Force ID: 19398
CVE ID: 2005-0491 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0397.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0420.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0433.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0487.html
http://marc.theaimsgroup.com/?l=bugtraq&m=110887325425794&w=2
Other Advisory URL: http://metasploit.com/research/arkeia_agent/
Vendor URL: http://www.arkeia.com/
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/arkeia_type_77_request

Tools & Filters

	17158
	2635
Snort	3453 3454 3457 3458

Credit

John Doe - guldens111hotmail.com -

CVSSv2 Score

CVSSv2 Base Score = 10.0
Source: nvd.nist.gov | Generated: 2005-06-08 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.