Bugtraq mailing list archives
Re: Arkeia Possible remote root & information leakage
From: Joe Glass <joe () glass cl msu edu>
Date: Fri, 17 Aug 2001 13:13:28 -0400
More importantly, you could run a command as root on any box that is backed up by Arkeia. (I'm sure you already know this, but it wasn't completely clear in this e-mail). I forwarded your e-mail to the Arkeia userlist. It seems as though the moderators at Knox don't let these e-mails show up on their userlist though. I forwarded the last security issue that was talked about on bugtrack to the userlist serveral times, but it never appeared. Which doesn't make sense to me.
##Implications the password (effectively a root password) once you have access through the gui, you have the possibility of running a command from the gui before and after the backup job. This command is run as root and can be anything. Therefore you have full access to the box to do with as you please.
-- Joe Glass Technical Support Services, Michigan State University phone: 517-355-4500 x240 e-mail: joe () glass cl msu edu
Current thread:
- Arkeia Possible remote root & information leakage quentyn (Aug 17)
- Re: Arkeia Possible remote root & information leakage Joe Glass (Aug 17)
- <Possible follow-ups>
- RE: Arkeia Possible remote root & information leakage Neil Curri (Aug 17)
- Re: Arkeia Possible remote root & information leakage quentyn (Aug 19)