OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[Full-Disclosure] Release of Arkeia Network Backup 5.3.5 fixes security issue

From: Arnaud Spicht (aspichtarkeia.com)
Date: Wed Feb 23 2005 - 10:59:47 CST


After carefully examining issues recently discussed in public technical
forums, Arkeia Corp. has immediately released a new version to block any
potential invasion of Arkeia protected networks.

ANB 5.3.5 fixes a buffer overflow bug that could allow a remote attacker
to remotely execute arbitrary code, and thereby get root access to the
machine.

The fix is also applicable to previous versions of Arkeia (5.1, 5.2,
Arkeia Light). The appropriate packages can be found on the Arkeia websites:

     * http://www.arkeia.com/donwload/anb/ (Version 5.3.5)
     * http://www.arkeia.com/donwload/52/ (Version 5.2.28)
     * http://www.arkeia.com/donwload/51/ (Version 5.1.21)

For Arkeia light: http://www.arkeia.org/download/light/

If you are using Arkeia in an untrusted environment such as a publicly
accessible Web server or corporate mail gateway, it is strongly advised
to upgrade to this version. The bug is in the arkeiad daemon process,
making it necessary to upgrade all the sensitive client machines.

Arkeia users should also remember to take into account Arkeia security
recommendations in the Arkeia User Manual "Appendix B: System Security."
We urge you to read again the sections describing how to secure Arkeia
against system-level intrusion.
Get the Arkeia_User_Manual.pdf at http://www.arkeia.com/manuals.html

To stay up-to-date on all new releases and upgrades of Arkeia Enterprise
Solutions, you can subscribe to Arkeia Announcements at
http://www.arkeia.com/mailinglists/
--
Arnaud Spicht, CTO
Arkeia Corp Arkeia SA
1808 Aston Avenue, Suite 220 41 rue Delizy
Carlsbad, CA 92008 93692 Pantin Cedex
USA France
Tel: (760) 431.1319 Tel: +33 (0)1 48 10 89 89
Fax: (760) 602.8599 Fax: +33 (0)1 48 10 89 90
http://www.arkeia.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html