Forum Discussion
- bc1410 Level 6
Hello -
We are currently on 9.1.0.1
I was informed to run the latest Veritas Update for 9.1.0.1 - NetBackup 9.1.0.1 / 4.1.0.1 Hotfix - MSDP Preferred EEB Bundle (Etrack 4047040)
This was added to the Veritas Support on 5/13/2024 - yesterday.
We don't use MSDP. I installed it on a Test Netbackup client that is showing the HIGH vulnerability but it did nothing. Seems like it skipped pretty much everything.
So is the alternative to fix/clear the vulnerability for no permissions on C:\ProgramData\boost_interprocess to give the local Administrator account FULL access only, or?
Thanks
BC
- Vincent_L Level 3
I also applied the EEB fix for clients 10.0.0.1 and still being flagged out by the scanner.
Seems like the only way is to upgrade to min 10.1.1 and apply the fix or apply the mitigation.
- bc1410 Level 6
I was told by Veritas that we can change the permission on the "C:\ProgramData\boost_interprocess" so that non-administrator users cannot access the boost_interprocess directory.
Veritas stated that this will not clear the vuln from security center and that we would probably need to recast the vulnerability in security center.
- Hamza_H Moderator
The recommendation is to upgrade to a minimum of 10.1.1 and apply the MSDP bundle EEB for that version on your Windows servers (except for 10.4, which doesn't require any EEB installation).
Otherwise, as described in the article, the mitigation step is to restrict access to the boost_interprocess directory (C:\ProgramData\boost_interprocess) to local administrator users only.
- Vincent_L Level 3
How about those Master servers, ops centre running on Windows and on version 10.1.1? Need to apply the EEB as well?
- Hamza_H Moderator
Hi Vincent,
As stated in the article by Veritas:
Affected Components: Only on Microsoft Windows Operating Systems - Primary Server, Media Server and Clients
Affected Versions: 10.3.0.1, 10.3, 10.2.0.1, 10.2, 10.1.1, 10.1, 10.0.0.1, 10.0, 9.1.0.1, 9.1, 8.3.0.2.
Note: Older unsupported versions may also be affected.
Recommended Action:
- Upgrade to version 10.4 (no EEB needed), or
- Upgrade to version 10.3.0.1 and apply 10.3.0.1 EEB from Download Center, or
- Upgrade to version 10.2.0.1 and apply 10.2.0.1 EEB from Download Center, or
- Upgrade to version 10.1.1 and apply 10.1.1 EEB from Download Center.
Mitigation: Restrict access to the boost_interprocess directory (C:\ProgramData\boost_interprocess) to local administrator users only
So for 10.1.1 you need to install the MSDP bundle on all servers concerned (master, media & clients).
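The mitigation quoted above (restrict C:\ProgramData\boost_interprocess to local administrators), as an added PowerShell example that is not part of any post in this thread or of the Veritas article. Keeping the SYSTEM account on the ACL and the backup file name are assumptions made for this example.

```powershell
# Added example: assumes an elevated PowerShell session on the affected Windows host.
$path = 'C:\ProgramData\boost_interprocess'   # directory named in the advisory

if (-not (Test-Path -LiteralPath $path -PathType Container)) {
    Write-Output "$path does not exist on this host; nothing to restrict."
    return
}

# Well-known SIDs rather than account names, so this also works on localized Windows.
$sidType = [System.Security.Principal.SecurityIdentifier]
$admins  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'  # BUILTIN\Administrators
# Assumption: SYSTEM is kept so services running as Local System can still use the directory.
$system  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'

$acl = Get-Acl -LiteralPath $path
# Keep a copy of the original descriptor for review or rollback (file name is an assumption).
$acl.Sddl | Set-Content -Path (Join-Path $env:TEMP 'boost_interprocess_acl_before.sddl')

# Stop inheriting from C:\ProgramData and drop the inherited entries.
$acl.SetAccessRuleProtection($true, $false)
# Purge every remaining explicit entry, whoever it belongs to.
foreach ($rule in @($acl.GetAccessRules($true, $true, $sidType))) {
    $acl.PurgeAccessRules($rule.IdentityReference)
}
# Grant full control, inherited by files and subfolders, to the two retained principals.
foreach ($sid in $admins, $system) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $path -AclObject $acl

# Verify: re-read the ACL and report any Allow entry for another principal.
$allowed = $admins.Value, $system.Value
$extra = @((Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $allowed -notcontains $_.IdentityReference.Value })
if ($extra.Count -eq 0) {
    Write-Output "OK: only Administrators and SYSTEM are allowed on $path"
} else {
    Write-Output "Unexpected Allow entries remain on ${path}:"
    $extra | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
}
```

Files already inside the directory that carry their own explicit entries are not rewritten by this; check them separately with `Get-Acl` if the verification passes but access still looks too broad.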
- StefanosM Level 6
I'm not sure that is present at 7.7.3.
If it is, you can try to stop and disable the "NetBackup Deduplication Multi-Threaded Agent" service
https://www.veritas.com/support/en_US/article.100038632
or check for "Configuring the Deduplication Multi-Threaded Agent behavior" at the deduplication guide of 7.7.3
- fb1 Level 2
Thanks Jnardello for the reply.
So for that, is upgradation the only option, or can we prevent this from the client end by changing any settings on OS level?
- jnardello Moderator
If you are still running 8 year old NetBackup software, let alone an OS that is still supported, this advisory is probably a drop in the bucket.
Yes client-side deduplication was a feature under v7.7.3, so yes you're probably vulnerable.
Yes, you should be telling your Management that clients that insist on running the legacy OSes that still require versions this old are massive security risks, are unsupported by the involved Vendors, and should be shut down for the safety (and sanity) of everyone.