
  • Hello - 

    We are currently on 9.1.0.1

    I was informed to run the latest Veritas Update for 9.1.0.1 - NetBackup 9.1.0.1 / 4.1.0.1 Hotfix - MSDP Preferred EEB Bundle (Etrack 4047040)

    This was added to the Veritas Support on 5/13/2024 - yesterday.

    We don't use MSDP. I installed it on a Test NetBackup client that is showing the HIGH vulnerability but it did nothing. Seems like it skipped pretty much everything.

    So is the alternative to fix/clear the vulnerability for no permissions on C:\ProgramData\boost_interprocess to give the local Administrator account FULL access only, or?

     

    Thanks

    BC

     

    • Vincent_L
      Level 3
      I also applied the EEB fix for clients 10.0.0.1 and they are still being flagged by the scanner.

      Seems like the only way is to upgrade to min 10.1.1 and apply the fix, or apply the mitigation.
      • bc1410
        Level 5

        I was told by Veritas that we can change the permission on "C:\ProgramData\boost_interprocess" so that non-administrator users cannot access the boost_interprocess directory.

        Veritas stated that this will not clear the vuln from security center and that we would probably need to recast the vulnerability in security center.

  • The recommendation is to upgrade to a minimum of 10.1.1 and apply the MSDP bundle EEB for that version on your Windows servers (except for 10.4, which doesn't require any EEB installation).

    Otherwise, as described in the article, the mitigation step is to restrict access to the boost_interprocess directory (C:\ProgramData\boost_interprocess) to local administrator users only.

    • Vincent_L
      Level 3
      How about those Master servers, ops centre running on Windows and on version 10.1.1? Do they need the EEB applied as well?
      • Hamza_H
        Moderator

        Hi Vincent,

        As stated in the article by Veritas:

        Affected Components: Only on Microsoft Windows Operating Systems - Primary Server, Media Server and Clients
        Affected Versions: 10.3.0.1, 10.3, 10.2.0.1, 10.2, 10.1.1, 10.1, 10.0.0.1, 10.0, 9.1.0.1, 9.1, 8.3.0.2.
                 Note: Older unsupported versions may also be affected.

        Recommended Action:

        Mitigation:  Restrict access to the boost_interprocess directory (C:\ProgramData\boost_interprocess) to local administrator users only

         

        So for 10.1.1 you need to install the MSDP bundle on all servers concerned (master, media & clients).
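
The directory restriction quoted above, as an added PowerShell example that is not from Veritas or from any poster in this thread: it lists every Allow ACE on the directory that belongs to someone other than Administrators, and tightens the ACL only when asked. Keeping SYSTEM alongside Administrators is an assumption (so services running as LocalSystem keep access), and the `-Apply` switch and variable names are hypothetical.

```powershell
# Added example: audit (and optionally restrict) the ACL on the directory named in the thread.
# Run from an elevated PowerShell session. -Apply is a hypothetical switch name.
param(
    [string]$Path = 'C:\ProgramData\boost_interprocess',
    [switch]$Apply
)

# Well-known SIDs rather than account names, so this also works on localized Windows.
$admins  = 'S-1-5-32-544'   # BUILTIN\Administrators
$system  = 'S-1-5-18'       # NT AUTHORITY\SYSTEM (assumption: kept for LocalSystem services)
$allowed = @($admins, $system)

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    Write-Output "$Path is not present on this host."
    return
}

# Explicit and inherited ACEs, with trustees returned as SIDs.
$sidType = [System.Security.Principal.SecurityIdentifier]
$rules   = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)

# An Allow ACE for any other trustee means non-administrators can reach the directory.
$extra = @($rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -notin $allowed
})

if ($extra.Count -eq 0) {
    Write-Output "OK: only Administrators/SYSTEM hold Allow ACEs on $Path"
    return
}

$extra |
    Select-Object @{n = 'Sid'; e = { $_.IdentityReference.Value } }, FileSystemRights, IsInherited |
    Format-Table -AutoSize

if ($Apply) {
    # Grant first so access is never lost, then drop inherited ACEs and explicit extras.
    icacls $Path /grant:r "*${admins}:(OI)(CI)F" "*${system}:(OI)(CI)F"
    icacls $Path /inheritance:r
    $explicitSids = $extra | Where-Object { -not $_.IsInherited } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    foreach ($sid in $explicitSids) {
        icacls $Path /remove:g "*$sid"
    }
    icacls $Path    # print the resulting ACL for the change record
}
```

Run it without `-Apply` first to see which trustees would lose access. Files already inside the directory that carry their own protected ACLs are not touched by this script.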

  • Thanks Jnardello for the reply.

    So, is upgrading the only option, or can we prevent this from the client end by changing settings at the OS level?

  • If you are still running 8-year-old NetBackup software, let alone an OS that is still supported, this advisory is probably a drop in the bucket.

    Yes, client-side deduplication was a feature under v7.7.3, so yes, you're probably vulnerable.

    Yes, you should be telling your Management that clients that insist on running the legacy OSes that still require versions this old are massive security risks, are unsupported by the involved Vendors, and should be shut down for the safety (and sanity) of everyone.