[22296] in bugtraq
Re: Arkeia Possible remote root & information leakage
daemon@ATHENA.MIT.EDU (Joe Glass)
Fri Aug 17 13:38:47 2001
Message-ID: <3B7D50B8.6A6ED47F@glass.cl.msu.edu>
Date: Fri, 17 Aug 2001 13:13:28 -0400
From: Joe Glass <joe@glass.cl.msu.edu>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
More importantly, you could run a command as root on any box that is
backed up by Arkeia. (I'm sure you already know this, but it wasn't
completely clear in this e-mail). I forwarded your e-mail to the Arkeia
userlist. It seems as though the moderators at Knox don't let these
e-mails show up on their userlist though. I forwarded the last security
issue that was talked about on bugtrack to the userlist serveral times,
but it never appeared. Which doesn't make sense to me.
> ##Implications
> the password (effectively a root password) once you have access through
> the gui, you have the possibility of running a command from the gui
> before and after the backup job. This command is run as root and can be
> anything. Therefore you have full access to the box to do with as you
> please.
--
Joe Glass
Technical Support Services, Michigan State University
phone: 517-355-4500 x240
e-mail: joe@glass.cl.msu.edu
