Originally Published: Monday, 27 September 1999
Author: Quentin Cregan
Published to: news_enhance_security/Security News

Knox Software Arkeia BackUp Vulnerable

In an alert released via BugTraq, vulnerabilities were identified in this package, which is shipped with many operating systems. Special mention was made as to its inclusion in SuSE 6.2, where it may be exploited for a root shell...

From BugTraq:

1. Buffer overflows in /usr/knox/bin/rnavc and /usr/knox/bin/nlservd (suid by default in SuSE 6.2) yield local root.

2. A long string to nlservd's open port results in a crash. This is at least a DoS, possibly a remote exploit if anyone cares to take the time to investigate.

According to the web page, the Arkeia backup package runs on dozens of OSes, so this is certainly not limited to SuSE or Linux.

