During the testing of arkeia a few security holes has been discovered.
Vulnerable System: Arkeia 4.2.x, 5.2.x and 5.3.x
Details:
1. Writable directory
$ ls -ld /opt/arkeia/server/dbase/ drwxrwxrwx 10 root root 4096 gru 27 13:40 /opt/arkeia/server/dbase/
2. Default the "root" account password is set to null
$ cat /opt/arkeia/server/dbase/f3sec/usr.lst ITEM { "NODE" "*" "PASSWORD" "" "ROLE" "ADMINISTRATOR" "NAME" "root" }
3. Password file readable by any user
$ ls -l /opt/arkeia/server/dbase/f3sec/usr.lst -rw-r--r-- 1 root root 117 gru 27 13:59 /opt/arkeia/server/dbase/f3sec/usr.lst
4. password is hashed with the crypt function with a constant salt ( the characters "n3" ) - 8 character passwords maximum See: http://seclists.org/lists/bugtraq/2001/Aug/0237.html
5. arkeiad is starting default on all computers
$ netstat -nlp | grep 617 tcp 0 0 0.0.0.0:617 0.0.0.0:* LISTEN 5570/arkeiad
arkeiad isn't needed on client-gui
Conclusion: Nothing has changed since version 4.2. See References. Vendor informed: April, 2004 Thanks: Quentyn Taylor References: http://www.securityfocus.com/archive/1/205378 http://www.arkeia.com/