Slashdot Mirror

← Back to Stories (view on slashdot.org)

Arkeia Network Backup Agent Remote Access

Posted by timothy on Sunday February 20, 2005 @11:11PM from the security-is-for-dead-people dept.

hdm writes "The Metasploit Project has published a security analysis of the Arkeia Network Backup Client. Anyone able to connect to TCP port 617 can gain read/write access to the filesystem of any host running the Arkeia agent software. This appears to be an intentional design decision on the part of the Arkeia developers. A long-winded description of this issue, complete with screen shots, demonstration code, and packet captures can be found in the research article. Arkeia has been credited with being the first commercial backup product for the Linux platform."

2 of 168 comments (clear)

Min score:

Reason:

Sort:

Re:Somebody has to say it by mirko · 2005-02-20 23:29 · Score: 1, Redundant

Linus has another solution:

"Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it."

--
Trolling using another account since 2005.
Already have that feature... by timotten · 2005-02-21 00:01 · Score: 0, Redundant

Anyone able to connect to TCP port 617 can gain read/write access to the filesystem of any host running the Arkeia agent software. This appears to be an intentional design decision on the part of the Arkeia developers... the first commercial backup product for the Linux platform...

Ha! I've already got a feature just like that, and I didn't even have to pay for my NFS software.