Title: Arkeia Backup World Writable File Creation Vulnerability
Severity: HIGH
Description:
Arkeia Backup is a full-feature enterprise system backup infrastructure, distributed and maintained by Knox Software.
A problem in the software package may allow a local user to overwrite root-owned files. This could let a user deny service to legitimate users of the system, or potentially gain elevated privileges. The problem lies in the permissions of the files the software creates.
During normal operation, the Arkeia backup software package functions between backup clients and the backup server. The backup clients initiate a backup session with the server. Upon receiving the backup data from the clients, the server stores the information on the configured backup device: tape, drive, or other backup medium.
When it runs, Arkeia creates a number of files on the local file system in its database directory, by default /usr/knox/arkeia/dbase. Because the backup software normally executes as root, every file it creates is root-owned. The software does not exercise sufficient file access control and creates these files with 0666 (world-writable) permissions. This allows a user with local access to remove a predictably named file created by the software and recreate that name as a symbolic link. Through this symbolic link the software's root-privileged writes could overwrite any local root-owned file, resulting in a denial of service and potentially elevation of privileges.
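The following is an added example, not Arkeia's own code: it audits a directory for the two symptoms described above (world-writable files and symbolic links sitting where the daemon expects its own files) and places the 0666 creation pattern beside the hardened one that a root daemon should use. The file names, the temporary stand-in for the dbase directory and the helper functions are assumptions for illustration.

```python
import os
import stat
import tempfile

def world_writable_files(directory):
    """Regular files under `directory` that are world-writable, plus any
    symbolic links sitting where the daemon expects its own files."""
    findings = {"world_writable": [], "symlinks": []}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: inspect the link itself, never its target
            if stat.S_ISLNK(st.st_mode):
                findings["symlinks"].append(path)
            elif st.st_mode & stat.S_IWOTH:
                findings["world_writable"].append(path)
    return findings

def _create(path, flags, mode, umask):
    """os.open under the given umask; return the resulting permission bits."""
    old = os.umask(umask)
    try:
        os.close(os.open(path, flags, mode))
    finally:
        os.umask(old)
    return stat.S_IMODE(os.lstat(path).st_mode)

def insecure_create(path):
    """The pattern the advisory describes: mode 0666 and no O_EXCL, so an
    existing name (a planted symlink included) is opened and written to."""
    return _create(path, os.O_WRONLY | os.O_CREAT, 0o666, 0)

def create_private_file(path):
    """Hardened form: owner-only mode, fail if the name exists (O_EXCL also
    rejects symlinks) and never follow a link; raises FileExistsError."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return _create(path, flags, 0o600, 0o077)

def run_demo():
    """Constructed stand-in for the dbase directory; returns (insecure mode,
    hardened mode, audit findings, whether the planted link was refused)."""
    d = tempfile.mkdtemp(prefix="dbase_demo_")
    bad, good, link = (os.path.join(d, n) for n in ("bad.db", "good.db", "link.db"))
    os.symlink("/nonexistent-target", link)  # dangling link planted at a predictable name
    bad_mode, good_mode = insecure_create(bad), create_private_file(good)
    refused = False
    try:
        create_private_file(link)
    except FileExistsError:
        refused = True
    return bad_mode, good_mode, world_writable_files(d), refused
```

Running the audit against the real database directory with `world_writable_files("/usr/knox/arkeia/dbase")` as root gives a quick check of an installed system; any hit in either list is worth investigating.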
Affected Products:
- Knox Software Arkeia 4.0.0
- Knox Software Arkeia 4.1.0
- Knox Software Arkeia 4.2.0
- Knox Software Arkeia 5.2.0
- Knox Software Arkeia 5.3.0
- Knox Software Arkeia Server 4.2.8-2
- S.u.S.E. Linux 6.2.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.