09-29-2014 09:15 AM
We are running Backup Exec 12.5, is it at all Vulnerable to ShellShock?
Solved! Go to Solution.
10-01-2014 02:00 AM
Hello there,
Though BE is not installed on Unix as Media server we do have our RALUS agent installed on supported Linux and Unix servers. ShellShock vulnerability is on bash itself. Backup Exec does not distribute linux or bash in its product (any version of BE). So Backup exec is not affected by ShellShock.
All Linux vendors have issued security advisories for the newly discovered vulnerability including patching information to prevent an attack. So the best way to keep away from ShellShock is apply the patches released by Linux vendors.
Also for more information, other Symantec software (Symantec system Recovery) is not affected too.
Refer: http://www.symantec.com/docs/TECH225068
Regards,
-Sush...
09-29-2014 09:42 AM
Hi,
Doubt it...it appears to be vulnerability in Unix, and BE doesn't install on Unix as a media server at all.
Thanks!
10-01-2014 02:00 AM
Hello there,
Though BE is not installed on Unix as Media server we do have our RALUS agent installed on supported Linux and Unix servers. ShellShock vulnerability is on bash itself. Backup Exec does not distribute linux or bash in its product (any version of BE). So Backup exec is not affected by ShellShock.
All Linux vendors have issued security advisories for the newly discovered vulnerability including patching information to prevent an attack. So the best way to keep away from ShellShock is apply the patches released by Linux vendors.
Also for more information, other Symantec software (Symantec system Recovery) is not affected too.
Refer: http://www.symantec.com/docs/TECH225068
Regards,
-Sush...
10-01-2014 05:04 AM
Backup exec server is not vulnerable since you can not intall it on unix or linux server. Only the agent (RALUS) can be installed on linux but then still this is a bash bug and bash is part of the operating system. You should install the security updates released by your os vendor to fix the shellshock vulnerability.
10-01-2014 05:55 AM
...not sure why you are simply repeating the same information contained in the 2 posts above?
Thanks!