from the security-is-for-dead-people dept.
hdm writes "The Metasploit Project has published a security analysis of the Arkeia Network Backup Client. Anyone able to connect to TCP port 617 can gain read/write access to the filesystem of any host running the Arkeia agent software. This appears to be an intentional design decision on the part of the Arkeia developers. A long-winded description of this issue, complete with screen shots, demonstration code, and packet captures can be found in the
research article. Arkeia has been credited with being the
first commercial backup product for the Linux platform."
There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence.
-- Jeremy S. Anderson