Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security Data Storage Software IT Linux

Arkeia Network Backup Agent Remote Access 168

Posted by timothy from the security-is-for-dead-people dept.
hdm writes "The Metasploit Project has published a security analysis of the Arkeia Network Backup Client. Anyone able to connect to TCP port 617 can gain read/write access to the filesystem of any host running the Arkeia agent software. This appears to be an intentional design decision on the part of the Arkeia developers. A long-winded description of this issue, complete with screen shots, demonstration code, and packet captures can be found in the research article. Arkeia has been credited with being the first commercial backup product for the Linux platform."
This discussion has been archived. No new comments can be posted.

Arkeia Network Backup Agent Remote Access More

Arkeia Network Backup Agent Remote Access

Comments Filter:

  • Somebody has to say it (Score:5, Interesting)

    by Renegade Lisp ( 315687 ) * on Monday February 21, 2005 @07:14AM (#11734729)
    Well, to state the obvious: Would this problem have survived for so long if Arkeia Network Backup had been open source software?

    Large enterprises migrating to Linux now should be careful not to throw away the biggest advantage of their new platform by committing to all sorts of closed source software that happens to run on it.

    For the time being, I guess I'll stick to my proven, open source (free software even) backup solution involving tar, gpg, and ssh.

  • Re:got root? (Score:3, Interesting)

    by danielrose ( 460523 ) on Monday February 21, 2005 @07:26AM (#11734766) Homepage Journal
    Perhaps allowing read only access to the physical device, ie /dev/sda, and backing up at a bit level, of course this does not seem to be as economical or easy as backing up individual files... but i may be wrong.

  • A little filtering (aka firewalling) might be good (Score:1, Interesting)

    by badger.foo ( 447981 ) <peter@bsdly.net> on Monday February 21, 2005 @08:31AM (#11734986) Homepage
    I see this story mainly as a reminder that your default firewall policy should be to block. Then open up only what you need.

    Seriously, 617 may be a very nice number, but the number of host with a real need to access that port on your machine is likely to be a short one.

    Oh well. See http://undeadly.org/ [undeadly.org] for links to a vaguely relevant lecture / tutorial.

  • Re:Specifications (Score:3, Interesting)

    by Spoing ( 152917 ) on Monday February 21, 2005 @09:04AM (#11735100) Homepage
    1. It's very frustrating when you find previously unknown and undocumented features in software that you have purchased.

    Well, for this situation finding a potential problem is easy: Port scan, [insecure.org] security scanner. [nessus.org] Two things that you should be doing on every network enabled device.

    The time consuming part comes with the follow up where you check the results of the scans on the local machines [tcpdump.org] and determine if you trust that the exposed services are being handled by secure apps. If in doubt, use an encrypted tunnel or yank the service -- whatever is appropriate. (If neither is an option, determine the danger and try and deal with it as best you can.)

    Along with that, setting up a filter to check for supposedly unused ports can catch some clever developers.

    Not perfect (it doesn't handle piggybacked dynamic connections on port 80 for example), though it is a good initial test.

Slashdot Top Deals

Those who can, do; those who can't, write. Those who can't write work for the Bell Labs Record.

Close