Description
CVE-2016-7399: Remote Code Execution (RCE) vulnerability
CVSS base Score: 10
One instance was identified on Veritas NetBackup Appliance where an unauthenticated attacker could gain RCE through the NetBackup Web Management Interface.
Special characters can be used to execute commands on the underlying operating system as the root user, which calls the internal scripts.
NetBackup Appliance software versions 184.108.40.206 and later are affected by this vulnerability.
The fix is available in the NetBackup appliance 3.0 release.
Note: This vulnerability does not affect NetBackup software and OpsCenter.
Action Required
Emergency Engineering Binaries (EEBs) are available to fix this vulnerability on the following releases of the NetBackup appliances:
- version 220.127.116.11, 18.104.22.168, 2.7.2 and 2.7.3.
Apply the appropriate EEB for your version.
Before installing the EEB, note the following:
- This EEB fix is also available as a part of the EEB mentioned in the following article:
- If you already have this EEB installed, you can still install the EEB from article.000126557.
- Do not install this EEB after installing EEB from article.000126557.
- To avoid an EEB installation failure, you must stop all NetBackup jobs before installing the EEB.
- This EEB must be installed on both the master server and all associated media server appliances.
- A reboot is not required after EEB installation.
- If you upgrade your appliance after installing this EEB, you must reinstall the EEB that is associated with the upgraded software version.
- Do not attempt to disable the web service on the appliance to alleviate this problem.
- If you have installed the EEB from article.000126557 in addition to this EEB:
  - This EEB must be rolled back after rollback of the EEB from article.000126557.
  - If you roll back this EEB before rolling back the EEB from article.000126557, the appliance web service goes down and you cannot log in to the appliance from the web console. If this issue occurs, roll back the EEB from article.000126557 and try again to roll back this EEB.
Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned in this article. Veritas is committed to product quality and satisfied customers.
Please access the following link for download and README information:
Oct. 16, 2016: EEB for version 2.7.2 included.