Knox Arkeia Type 77 Request Remote Buffer Overflow

Critical Nessus Network Monitor Plugin ID 2635

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running Arkea Network Backup agent, an agent system designed to remotely perform backups of the remote host. The remote version of this agent contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary commands on the remote host with the privileges of the Arkeia daemon.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://archives.neohapsis.com/archives/bugtraq/2005-02/0347.html

http://metasploit.com/research/arkeia_agent

Plugin Details

Severity: Critical

ID: 2635

File Name: 2635.prm

Family: Generic

Published: 2005/02/21

Modified: 2016/01/19

Dependencies: 2633

Nessus ID: 17158

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Exploitable With

Core Impact

Metasploit (Arkeia Backup Client Type 77 Overflow (Mac OS X))

Reference Information

CVE: CVE-2005-0491

BID: 12594, 12600