03-02-2017 10:37 AM - edited 03-02-2017 10:49 AM
This was brought to our notice by our Information Security team: http://seclists.org/fulldisclosure/2017/Feb/101
I checked and couldn't find it listed on the Veritas support page under Alerts. So posting here for the community.
PS: Found the details on Veritas site on reaching the end of disclosure report: https://www.veritas.com/content/support/en_US/security/VTS17-003.html
06-27-2017 12:26 PM
Hi @X2, Hi everyone,
Just to update....
Would be nice if all of you check these articles about Netbackup and Netbackup Appliances Vulnerabilities...
VTS17-003: Multiple Vulnerabilities in Veritas NetBackup, NetBackup Appliance and Access - https://www.veritas.com/content/support/en_US/security/VTS17-003.html
NetBackup:
7.7.2
7.7.3
NetBackup Appliances:
2.7.2
2.7.3
VTS17-004: Multiple Vulnerabilities in Veritas NetBackup and NetBackup Appliance - https://www.veritas.com/content/support/en_US/security/VTS17-004.html
NetBackup:
8.0
7.7.3
7.7.2
NetBackup Appliances:
3.0 (Including NetBackup Virtual Appliance)
2.7.3
2.7.2
VTS17-005: Remote Command Execution Vulnerability in Veritas NetBackup Appliance - https://www.veritas.com/content/support/en_US/security/VTS17-005.html
NetBackup Appliances:
2.7.2
2.7.3
3.0
Regards,
Thiago
06-28-2017 10:52 AM
Hi everyone,
Another one, take a look.
Samba vulnerability in NetBackup Appliances - CVE-2017-7494
http://www.veritas.com/docs/000126754
CVSS Base Score: 7.5
A remote code execution flaw was found in the Samba versions that are used in the NetBackup Appliances.
A malicious authenticated Samba client, having write access to the Samba share, could use this flaw to execute arbitrary code as root.
NetBackup Appliance software versions 2.7.1 and later are affected by this vulnerability.
Note: This vulnerability does not affect the NetBackup and OpsCenter software applications.
Regards,
Thiago