It's been there since Arcserve 6.6 was created, so it must be :-)

---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK 

> -----Original Message-----
> From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
> Sent: 17 September 2001 18:56
> To: MS-Exchange Admin Issues
> Subject: RE: ARCserve 6.61 Share Access Vulnerability
> 
> 
> I thought that was old.
> 
> 
> -----Original Message-----
> From: Randal, Phil [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 17, 2001 4:31 AM
> To: MS-Exchange Admin Issues
> Subject: FW: ARCserve 6.61 Share Access Vulnerability
> 
> 
> Found on BugTraq
> 
> ---------------------------------------------
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK 
> 
> -----Original Message-----
> From: ron [mailto:[EMAIL PROTECTED]]
> Sent: 16 September 2001 05:27
> To: [EMAIL PROTECTED]
> Subject: ARCserve 6.61 Share Access Vulnerability
> 
> 
> I have found a vulnerability with ARCServe for NT 6.61 SP2a. I stumbled
> upon this while performing a vulnerability analysis.
> 
> Details:
> 
> The default install of ARCServe for NT creates a hidden share on
> Windows NT machines when it is installed.
> 
> The name of this share is ARCSERVE$.
> 
> The permissions of the share allow all users in a domain to map this
> share. However, this is not the worst part.
> 
> Within the share is a file named aremote.dmp.  The full path is
> ARCSERVE$\DR\<NAME of SERVER>\aremote.dmp.
> 
> In the aremote.dmp file, the account name that runs the backup is in
> cleartext within this file.  Also, a little further within the file,
> the password for the account is in cleartext.
> 
> Seeing as how the account that performs backups can access system
> files, this is very dangerous.  Some places run their backups as the
> NT domain administrator account.
> 
> Fix:
> 
> CA has been notified and will be making a patch available to all
> customers.
> 
> 
> Also, it _should_ be possible to change the share permissions,
> allowing only the backup account and the administrator access to the
> share.
> 
> 
> I am not sure if this is in ARCServe 2000 or in releases prior, as I
> have not checked them.
> 
> - rdr
> 
> List Charter and FAQ at:
> http://www.sunbelt-software.com/exchange_list_charter.htm
> 
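
An audit for the two conditions the forwarded advisory describes (a broadly readable ARCSERVE$ share, and aremote.dmp files under its DR folder), added here as an example and not part of the original thread or of any CA tooling. It assumes a host with the SmbShare cmdlets (Windows 8 / Server 2012 and later, not the NT systems in the post); the trustee list and the function names are assumptions for illustration.

```powershell
# Added example: audit the ARCSERVE$ share described in the advisory.
# Assumes the SmbShare module is available; run elevated on the backup server.
$ShareName = 'ARCSERVE$'

# Trustees that amount to "all users in a domain" (assumed list; adjust per site).
$BroadPatterns = @('Everyone', 'BUILTIN\Users',
                   'NT AUTHORITY\Authenticated Users', '*\Domain Users')

function Test-BroadTrustee {
    param([Parameter(Mandatory)][string]$AccountName)
    foreach ($pattern in $BroadPatterns) {
        if ($AccountName -like $pattern) { return $true }
    }
    return $false
}

function Get-ArcserveShareFinding {
    param([string]$Name = $ShareName)

    $share = Get-SmbShare -Name $Name -ErrorAction SilentlyContinue
    if (-not $share) { return }   # share not present: nothing to report

    # 1. Share-level ACL entries that allow access to broad groups.
    Get-SmbShareAccess -Name $Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (Test-BroadTrustee -AccountName $_.AccountName) } |
        ForEach-Object {
            [pscustomobject]@{
                Finding = 'BroadShareAccess'
                Detail  = "$($_.AccountName) has $($_.AccessRight)"
            }
        }

    # 2. Dump files at <share path>\DR\<server>\aremote.dmp.
    $drPath = Join-Path -Path $share.Path -ChildPath 'DR'
    if (Test-Path -LiteralPath $drPath) {
        Get-ChildItem -LiteralPath $drPath -Filter 'aremote.dmp' -Recurse -File `
                      -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Finding = 'CredentialDumpPresent'
                    Detail  = $_.FullName
                }
            }
    }
}

Get-ArcserveShareFinding | Format-Table -AutoSize -Wrap
```

A `BroadShareAccess` row corresponds to the permission change suggested in the post: leave only the backup account and the administrator on the share ACL. A `CredentialDumpPresent` row means the password of the backup account should be treated as exposed to anyone who could map the share.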
