Title: Knox Arkeia Remote Stack Corruption Vulnerability
Severity: CRITICAL
Description:
Arkeia Server is an enterprise-based backup software solution distributed and maintained by Knox Software.
A remote vulnerability has been reported for the Knox Arkeia server. The issue is believed to occur due to insufficient bounds checking when handling data contained within a type 74 packet. As a result of this vulnerability, a remote attacker may be capable of triggering a buffer overrun that could allow partial or complete corruption of sensitive stack variables. This may allow for a saved frame pointer or saved return address to be influenced in such a way that the execution flow of the arkeiad process can be controlled.
Successful exploitation would ultimately allow for the execution of arbitrary code with the privileges of arkeiad, typically root.
Affected Products:
- Knox Software Arkeia Pro 5.1.12
References:
- Knox Software: Knox Software Home Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
