Vulnerabilities > CVE-2005-0491 - Remote Stack-Based Buffer Overrun vulnerability in Knox Arkeia Type 77 Request

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
knox-software
critical
nessus
exploit available
metasploit
NVD
Published: 2005-05-02
Updated: 2017-07-11

Summary

Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.

Vulnerable Configurations

Part Description Count
Application
Knox_Software
9

Exploit-Db

  • descriptionKnox Arkeia Server Backup 5.3.x Remote Root Exploit. CVE-2005-0491. Remote exploits for multiple platform
    idEDB-ID:828
    last seen2016-01-31
    modified2005-02-18
    published2005-02-18
    reporterJohn Doe
    sourcehttps://www.exploit-db.com/download/828/
    titleKnox Arkeia Server Backup 5.3.x - Remote Root Exploit
  • descriptionArkeia Backup Client Type 77 Overflow (Mac OS X). CVE-2005-0491. Remote exploit for osx platform
    idEDB-ID:16865
    last seen2016-02-02
    modified2010-05-09
    published2010-05-09
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16865/
    titleArkeia Backup Client Type 77 - Overflow Mac OS X
  • descriptionArkeia Backup Client Type 77 Overflow (Win32). CVE-2005-0491. Remote exploit for win32 platform
    idEDB-ID:16466
    last seen2016-02-01
    modified2010-05-09
    published2010-05-09
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16466/
    titleArkeia Backup Client Type 77 - Overflow Win32
  • descriptionArkeia Backup Client. CVE-2005-0491. Remote exploit for osx platform
    idEDB-ID:9930
    last seen2016-02-01
    modified2005-02-18
    published2005-02-18
    reporterH D Moore
    sourcehttps://www.exploit-db.com/download/9930/
    titleArkeia Backup Client <= 5.3.3 - Type 77 Overflow OS X
  • descriptionKnox Arkeia Pro 5.1.12 Backup Remote Root Exploit. CVE-2005-0491. Remote exploit for linux platform
    idEDB-ID:102
    last seen2016-01-31
    modified2003-09-20
    published2003-09-20
    reporterN/A
    sourcehttps://www.exploit-db.com/download/102/
    titleKnox Arkeia Pro 5.1.12 Backup Remote Root Exploit

Metasploit

Nessus

NASL familyGain a shell remotely
NASL idARKEIA_TYPE77_OVERFLOW.NASL
descriptionThe remote host is running Arkeia Network Backup agent, used for backups of the remote host. The remote version of this agent contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary commands on the remote host with the privileges of the Arkeia daemon, usually root.
last seen2020-06-01
modified2020-06-02
plugin id17158
published2005-02-21
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17158
titleKnox Arkeia Backup Client Type 77 Request Processing Buffer Remote Overflow
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(17158);
 script_version("1.18");
 script_cve_id("CVE-2005-0491");
 script_bugtraq_id(12594);

 script_name(english:"Knox Arkeia Backup Client Type 77 Request Processing Buffer Remote Overflow");

 script_set_attribute(attribute:"synopsis", value:
"The remote backup service is prone to a buffer overflow attack." );
 script_set_attribute(attribute:"description", value:
"The remote host is running Arkeia Network Backup agent, used for
backups of the remote host. 

The remote version of this agent contains a buffer overflow
vulnerability that may allow an attacker to execute arbitrary commands
on the remote host with the privileges of the Arkeia daemon, usually
root." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Feb/413" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Arkeia 5.3.5, 5.2.28 our 5.1.21." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Arkeia Backup Client Type 77 Overflow (Win32)');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value: "2005/02/21");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/02/18");
 script_cvs_date("Date: 2018/11/15 20:50:22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 script_summary(english:"Checks the version number of the remote arkeia daemon");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Gain a shell remotely");
 script_require_ports(617);
 script_dependencie("arkeia_default_account.nasl");
 exit(0);
}


version =  get_kb_item("arkeia-client/617");
if ( ! version ) exit(0);
if ( ereg(pattern:"^([0-4]\.|5\.0|5\.1\.([0-9](1?[^0-9]|$)|20)|5\.2\.(1?[0-9]([^0-9]|$)|2[0-7])|5\.3\.[0-4]([^0-9]|$))", string:version))
	security_hole(617);

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/82305/type77.rb.txt
idPACKETSTORM:82305
last seen2016-12-05
published2009-10-28
reporterH D Moore
sourcehttps://packetstormsecurity.com/files/82305/Arkeia-Backup-Client-Type-77-Overflow.html
titleArkeia Backup Client Type 77 Overflow

Saint

bid12594
descriptionArkeia Type 77 Request buffer overflow
idmisc_arkeia77
osvdb14011
titlearkeia_type_77_request
typeremote

References