NetBackup security vulnerabilities discovered

X2 · ‎03-02-2017

This was brought to our notice by our Information Security team: http://seclists.org/fulldisclosure/2017/Feb/101

I checked and couldn't find it listed on the Veritas support page under Alerts. So posting here for the community.

PS: Found the details on Veritas site on reaching the end of disclosure report: https://www.veritas.com/content/support/en_US/security/VTS17-003.html

Thiago_Ribeiro · ‎06-27-2017

Hi @X2, Hi everyone,

Just to update....

Would be nice if all of you check these articles about Netbackup and Netbackup Appliances Vulnerabilities...

VTS17-003: Multiple Vulnerabilities in Veritas NetBackup, NetBackup Appliance and Access - https://www.veritas.com/content/support/en_US/security/VTS17-003.html

NetBackup:

7.7.2
7.7.3

NetBackup Appliances:

2.7.2
2.7.3

VTS17-004: Multiple Vulnerabilities in Veritas NetBackup and NetBackup Appliance - https://www.veritas.com/content/support/en_US/security/VTS17-004.html

NetBackup:

8.0
7.7.3
7.7.2

NetBackup Appliances:

3.0 (Including NetBackup Virtual Appliance)
2.7.3
2.7.2

VTS17-005: Remote Command Execution Vulnerability in Veritas NetBackup Appliance - https://www.veritas.com/content/support/en_US/security/VTS17-005.html

NetBackup Appliances:

2.7.2
2.7.3
3.0

Regards,

Thiago

Thiago_Ribeiro · ‎06-28-2017

Hi everyone,

Another one, take a look.

Samba vulnerability in NetBackup Appliances - CVE-2017-7494
http://www.veritas.com/docs/000126754

CVSS Base Score: 7.5
A remote code execution flaw was found in the Samba versions that are used in the NetBackup Appliances.
A malicious authenticated Samba client, having write access to the Samba share, could use this flaw to execute arbitrary code as root.

NetBackup Appliance software versions 2.7.1 and later are affected by this vulnerability.

Note: This vulnerability does not affect the NetBackup and OpsCenter software applications.

Regards,

Thiago

VOX

NetBackup security vulnerabilities discovered