Slashdot Mirror

← Back to Stories (view on slashdot.org)

Arkeia Network Backup Agent Remote Access

Posted by timothy on from the security-is-for-dead-people dept.

hdm writes "The Metasploit Project has published a security analysis of the Arkeia Network Backup Client. Anyone able to connect to TCP port 617 can gain read/write access to the filesystem of any host running the Arkeia agent software. This appears to be an intentional design decision on the part of the Arkeia developers. A long-winded description of this issue, complete with screen shots, demonstration code, and packet captures can be found in the research article. Arkeia has been credited with being the first commercial backup product for the Linux platform."

1 of 168 comments (clear)

  1. Somebody has to say it by Renegade+Lisp · · Score: 4, Interesting
    Well, to state the obvious: Would this problem have survived for so long if Arkeia Network Backup had been open source software?

    Large enterprises migrating to Linux now should be careful not to throw away the biggest advantage of their new platform by committing to all sorts of closed source software that happens to run on it.

    For the time being, I guess I'll stick to my proven, open source (free software even) backup solution involving tar, gpg, and ssh.