CVE-2005-0491

Knox Arkeia Server Backup 5.3.x - Remote Code Execution via Type 77 Request

Title source: llm

Exploitation Summary

EIP tracks 7 public exploits for CVE-2005-0491. PoCs published by Metasploit, H D Moore, John Doe, including Metasploit module exploits/windows/arkeia/type77.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in Arkeia Backup Client (CVE-2005-0491) for Windows. It targets multiple versions and includes SEH-based exploitation for reliable code execution.

Description

Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.

Exploits (7)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows_x86

https://www.exploit-db.com/exploits/16466

View Code ZIP pw:eip

This is a Metasploit module exploiting a stack buffer overflow in Arkeia Backup Client (CVE-2005-0491) for Windows. It targets multiple versions and includes SEH-based exploitation for reliable code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Arkeia Backup Client (versions up to 5.3.3)

No auth needed

Prerequisites: Network access to the Arkeia backup client service · Target system running a vulnerable version of Arkeia

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteosx

https://www.exploit-db.com/exploits/16865

View Code ZIP pw:eip

This exploit targets a stack buffer overflow in the Arkeia backup client for Mac OS X (CVE-2005-0491). It crafts a malicious packet to overwrite the return address and execute arbitrary payloads, achieving remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Arkeia Backup Client up to 5.3.3 on Mac OS X

No auth needed

Prerequisites: Network access to the Arkeia backup client · Target running a vulnerable version of Arkeia on Mac OS X

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by H D Moore · rubyremoteosx

https://www.exploit-db.com/exploits/9930

View Code ZIP pw:eip

This exploit targets a stack overflow vulnerability in the Arkeia backup client for Mac OS X (CVE-2005-0491). It crafts a malicious packet to overwrite the return address and execute arbitrary payloads, achieving remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Arkeia Backup Client up to 5.3.3 on Mac OS X

No auth needed

Prerequisites: Network access to the Arkeia backup client on Mac OS X

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by John Doe · cremotemultiple

https://www.exploit-db.com/exploits/828

View Code ZIP pw:eip

This exploit targets a stack overflow vulnerability in Knox Arkeia Server Backup (CVE-2005-0491) by sending a crafted type 77 request. It includes shellcode for both Linux (exporting an xterm) and Windows (binding a shell to port 80), demonstrating remote code execution (RCE) capabilities.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Knox Arkeia Server Backup <= 5.3.x

No auth needed

Prerequisites: Network access to the target on port 617 · Target must be running a vulnerable version of Knox Arkeia Server Backup

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by anonymous · cremotelinux

https://www.exploit-db.com/exploits/102

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Knox Arkiea (CVE-2005-0491) to achieve remote code execution. It sends a NOP sled followed by shellcode to bind a shell on port 5074, then triggers the overflow to redirect execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Knox Arkiea (version not specified, tested on Redhat 8.0 and 7.2)

No auth needed

Prerequisites: Network access to target on port 617 · Target must be running vulnerable Knox Arkiea service

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GOOD

by hdm · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/arkeia/type77.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in the Arkeia backup client for Windows (CVE-2005-0491). It targets multiple versions (4.x and 5.x) by sending a crafted type 77 packet to trigger remote code execution via SEH or direct return address overwrites.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Arkeia Backup Client (versions up to 5.3.3)

No auth needed

Prerequisites: Network access to the Arkeia backup client service (TCP port 617 typically)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

metasploit WORKING POC NORMAL

by hdm · rubypocosx

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/arkeia/type77.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in the Arkeia backup client for Mac OS X (CVE-2005-0491). It crafts a malicious packet with a controlled return address and payload to achieve remote code execution on vulnerable systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Arkeia Backup Client up to and including 5.3.3 on Mac OS X

No auth needed

Prerequisites: Network access to the Arkeia backup client on Mac OS X · Vulnerable version of Arkeia (up to 5.3.3)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/14327

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12594

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=110887325425794&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/19398

Scores

EPSS 0.6490

EPSS Percentile 99.1%

Details

Status published

Products (9)

knox_software/arkeia_server_backup 5.3.0

knox_software/arkeia_server_backup 5.3.0_rc1

knox_software/arkeia_server_backup 5.3.0_rc2

knox_software/arkeia_server_backup 5.3.0_rc3

knox_software/arkeia_server_backup 5.3.0_rc4

knox_software/arkeia_server_backup 5.3.1

knox_software/arkeia_server_backup 5.3.2

knox_software/arkeia_server_backup 5.3.3

knox_software/arkeia_server_backup 5.3.4

Published May 02, 2005

Tracked Since Feb 18, 2026