Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Arkeia Network Backup Client Remote Access

from [Arnaud Spicht] Network Security [Permanent Link]
Subject: Re: Arkeia Network Backup Client Remote Access
Date: 22 Feb 2005 21:38:55 -0000 
In-Reply-To: <20050222091943.GM76018@DAPCVA.da>


On Sun, Feb 20, 2005 at 02:41:36PM -0600, H D Moore wrote:

Anyone able to connect to TCP port 617 can gain read/write access to the 
filesystem of any host running the Arkeia agent software. This appears to 
be an intentional design decision on the part of the Arkeia developers. A 
long-winded description of this issue, complete with screen shots, 
demonstration code, and packet captures can found online at:

 - http://metasploit.com/research/arkeia_agent/


Note that, on the arkeia user list, somebody pointed out that clients
can be configured to disallow this from anybody but the server. But that's
not the default configuration, the default is "plug and play", that is, you
throw the software on the client and it works.

The relevant section is Appendix B of the user manual. It tells you how
to setup your client with the equivalent of tcp_wrapper security.

Even then, you still have a small vulnerability, in that anyone who
has access to the server system can still impersonate the arkeia software
to access the client. But you can't do that from any random machine.




From Appendix B of Arkeia User Manual:

There is a way to tighten client access by requiring a connection on a reserved 
port and using root account. The format of the auth_PROCESS.cfg file to limit 
access is:
<PROCESS_NAME>.* ALLOW <backup server FQDN>[1] root

For example:
ARKADMIN.* ALLOW mercury.arkeia.com[1] root

-- 
Arnaud Spicht
CTO - Arkeia Corp.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Software PBLang 4.65 pm.php XSS vulnerability, Raven
Next by Date:  Re: Knox Arkeia remote root/system exploit, Arnaud Spicht
Previous by Thread:  Re: Arkeia Network Backup Client Remote Access, H D Moore
Next by Thread:  Gigafast/CompUSA router (model EE400-R) vulnerabilities, Gary H. Jones II
Indexes:  [Date] [Thread] [Top] [All Lists]