SecurityTracker.com
Category:   Application (Generic)  >   Arkeia
Vendors:   Knox Software
Arkeia Backup Software May Use Unsafe Permissions for Its Backup Database, Allowing Local Users to View and Modify the Database
SecurityTracker Alert ID:  1002083
SecurityTracker URL:  http://securitytracker.com/id/1002083
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 25 2001
Impact:   Denial of service via local system, Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 4.2.8-2; possibly others
Description:   A vulnerability was reported in some configurations of the Arkeia backup software that allows local users to access and modify the software's backup database.

It is reported that the commercial version of Arkeia backup software may create most of its database files with mode 666, which grants read and write permission to every local user. The database files are located in /usr/knox/arkeia/dbase.

It is reported that resetting permissions to remove global read and write permissions is ineffective, as the 666 permissions are set when the backup runs.

Impact:   A local user could obtain or modify the backup software's backup database. This could disclose file names to local users and could be used to create a denial of service condition against the backup software.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.arkeia.com/index.html
Cause:   Access control error
Underlying OS:   Linux (Any)

Message History:   None.
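
Because the report says the 666 mode is reapplied whenever a backup runs, a one-time chmod cannot be relied on and the directory has to be re-checked after each backup. The following audit function is an added example, not part of the advisory or of the vendor's software; the name `list_world_accessible` is hypothetical, and the default path is the one given in the description above.

```shell
#!/bin/sh
# Added example: report world-accessible files in a backup database directory.
# The default path comes from the advisory; override it with DBASE_DIR or $1.
DBASE_DIR="${DBASE_DIR:-/usr/knox/arkeia/dbase}"

# list_world_accessible DIR
#   Prints one line per regular file under DIR that other users can reach:
#     world-writable <path>   (mode has o+w: any local user can alter it)
#     world-readable <path>   (mode has o+r only: file names can be disclosed)
#   Returns 0 if nothing was found, 1 if findings were printed,
#   2 if DIR is not a directory.
list_world_accessible() {
    lwa_dir="$1"
    if [ ! -d "$lwa_dir" ]; then
        echo "not a directory: $lwa_dir" >&2
        return 2
    fi
    lwa_out=$(
        find "$lwa_dir" -type f -perm -002 -print |
            sed 's/^/world-writable /'
        find "$lwa_dir" -type f -perm -004 ! -perm -002 -print |
            sed 's/^/world-readable /'
    )
    if [ -z "$lwa_out" ]; then
        return 0
    fi
    printf '%s\n' "$lwa_out"
    return 1
}

# When called with an argument (for example from a post-backup cron job),
# audit that directory, or the default one if the argument is "default".
# The exit status then tells the caller whether findings exist.
if [ $# -gt 0 ]; then
    if [ "$1" = "default" ]; then
        list_world_accessible "$DBASE_DIR"
    else
        list_world_accessible "$1"
    fi
fi
```
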


 Source Message Contents

Date:  Mon, 23 Jul 2001 13:16:15 -0500
Subject:  permission probs with Arkeia


While working with the commercial version of Arkeia backup software I
noticed it creates most of its "database" files with the permissions of
666.  This was version 4.2.8-2 of the server, and I had noticed this several
updates ago, so it's been going on for some time.  The database files are
located in /usr/knox/arkeia/dbase.  I have tried resetting the permissions
on the files, but they get reset again when backup runs again.  I tried
contacting Knox Software but was told more than once that basically I don't
have a support contract so they wouldn't talk to me - they were warned.  I
wasn't able to find anything about this in their documentation.

Dan

=========================
Daniel Wittenberg
System Administrator
University of Iowa
http://dan.its.uiowa.edu

 
 



Copyright 2013, SecurityGlobal.net LLC