NetBackup OpsCenter HotFix - Apache Struts vulnerability - CVE-2018-11776 (article 100043979)

HotFix

Abstract

Apache Struts vulnerability in NetBackup OpsCenter - CVE-2018-11776

Description

NetBackup OpsCenter software versions 8.1.2 and earlier include versions of Apache Struts that are vulnerable to Remote Code Execution.


A hotfix is available for NetBackup 7.7.3, 8.1, 8.1.1, and 8.1.2 which resolves this problem. These hotfixes can be downloaded for each version at the bottom of this article.


Security scanners may report this issue as a critical severity vulnerability for Apache Struts packages used on NetBackup OpsCenter.


Statement from NIST:

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using URL tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace.

Hotfix EEBs to update Apache Struts on NetBackup OpsCenter servers for 7.7.3, 8.1, 8.1.1, and 8.1.2 are available for download below. The formal resolution for this issue in these ETracks will be included in NetBackup OpsCenter 8.1.3.
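
To see which Struts core jars on an OpsCenter server fall inside the version ranges in the NIST statement above, before and after applying the EEB, the following added example (not Veritas code) walks a directory and classifies each jar by the version in its file name. It assumes the jars use the standard struts2-core-<version>.jar artifact name and that the installation directory is passed as the first argument; struts_affected and scan_struts are names chosen for this example.

```shell
#!/bin/sh
# Added example: classify Apache Struts 2 core jars against the ranges quoted
# for CVE-2018-11776 on this page (2.3 to 2.3.34 and 2.5 to 2.5.16).
# Assumption: jars are named struts2-core-<version>.jar (standard artifact name).

# struts_affected VERSION -> exit status 0 when VERSION is inside a quoted range.
# The body runs in a subshell so the IFS change stays local.
struts_affected() (
    set -f                                    # no globbing while splitting
    IFS=.
    set -- $1                                 # "2.3.34" -> 2 3 34
    major=${1:-0}
    minor=${2:-0}; minor=${minor%%[!0-9]*}
    patch=${3:-0}; patch=${patch%%[!0-9]*}    # drop suffixes such as -SNAPSHOT
    [ "$major" = 2 ] || exit 1
    case $minor in
        3) [ "${patch:-0}" -le 34 ] ;;        # 2.3 .. 2.3.34 (incl. 2.3.x.y)
        5) [ "${patch:-0}" -le 16 ] ;;        # 2.5 .. 2.5.16
        *) exit 1 ;;                          # not in a range quoted on the page
    esac
)

# scan_struts DIR -> one line per jar: "AFFECTED|OUTSIDE <version> <path>".
# OUTSIDE only means the version is not in the two quoted ranges.
scan_struts() {
    find "$1" -type f -name 'struts2-core-*.jar' | sort |
    while IFS= read -r jar; do
        ver=${jar##*/struts2-core-}
        ver=${ver%.jar}
        if struts_affected "$ver"; then
            printf 'AFFECTED %s %s\n' "$ver" "$jar"
        else
            printf 'OUTSIDE %s %s\n' "$ver" "$jar"
        fi
    done
}

# Stand-alone use: sh scan_struts.sh /path/to/opscenter/installation
if [ "$#" -ge 1 ]; then
    scan_struts "$1"
fi
```

The version is read from the file name only, so a jar that has been renamed is not classified.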


*** Standalone OpsCenter Installation ***

1) Stop All OpsCenter Server Processes

2) Extract the appropriate EEB package for your operating system

3) Change to the folder where the EEB package was extracted

4) Run: OpsCenterEEBInstaller.bat -server base_directory_of_server_installation_in_quotes

   Eg: OpsCenterEEBInstaller.bat -server "C:\Program Files\Veritas"

5) Start All OpsCenter Server Processes


*** Clustered OpsCenter Installation ***

*** IT IS MANDATORY TO FOLLOW ALL THE STEPS FOR CLUSTERED OPSCENTER ***

    

1) Log on to the OpsCenter cluster as a user with administrator privileges

2) Make sure that the shared disk is not mounted on any node in the cluster

   If applicable, unmount the OpsCenter shared mount point. Stop the volume the mount point is on and deport the disk group for that volume on all nodes of the cluster

3) Offline the OpsCenter server resource by using the cluster GUI or with the following command:

   hares -offline <opscenter server resource name> -sys <node>

4) Freeze the OpsCenter group by using the cluster GUI or with the following command:

   hagrp -freeze <OpsCenter group name> -persistent -sys <node>

5) Stop the NetBackup OpsCenter cluster agent on all nodes of the OpsCenter group by using the cluster GUI or with the following command:

   haagent -stop NetBackupOpsCenterVCS -force -sys <node>

6) Log on to the primary node and install the EEB

   Extract the appropriate EEB package for your operating system

   Change to the folder where the EEB package was extracted

   Run: OpsCenterEEBInstaller.bat -server base_directory_of_server_installation_in_quotes

   Eg: OpsCenterEEBInstaller.bat -server "C:\Program Files\Veritas"

7) After installing the EEB on the primary node, log in to each non-primary node and install the EEB on all the non-primary nodes

   Extract the appropriate EEB package for your operating system

   Change to the folder where the EEB package was extracted

   Run: OpsCenterEEBInstaller.bat -server base_directory_of_server_installation_in_quotes

   Eg: OpsCenterEEBInstaller.bat -server "C:\Program Files\Veritas"

   NOTE: While installing the EEB on the primary and non-primary nodes, the EEB installer script may show these errors/warnings:

   'unable to restart opscenter services' or

   'The dependency service or group failed to start'

   These errors/warnings can be safely ignored; proceed with the remaining steps of the EEB installation.

8) After installing the EEB on all nodes, start the NetBackup OpsCenter cluster agent on each node by using the cluster GUI or with the following command:

   haagent -start NetBackupOpsCenterVCS -sys <node>

9) Unfreeze the OpsCenter VCS group by using the cluster GUI or with the following command:

   hagrp -unfreeze <OpsCenter group name> -persistent -sys <node>

 

Packages

NetBackup 7.7.3 - ET3956949

Package Contents:

OpsCenter_LinuxR_x86_x86_64_773EEB_ET3956949_1.tar.gz  RedHat x64 Installation

OpsCenter_LinuxS_x86_x86_64_773EEB_ET3956949_1.tar.gz  SuSe x64 Installation

OpsCenter_windows_AMD64_773EEB_ET3956949_1.zip         Windows x64 Installation

Checksums:

2981409260 63402833 all/OpsCenter_windows_AMD64_773EEB_ET3956949_1.zip

930242101 63408834 all/OpsCenter_LinuxS_x86_x86_64_773EEB_ET3956949_1.tar.gz

3011436093 63408834 all/OpsCenter_LinuxR_x86_x86_64_773EEB_ET3956949_1.tar.gz

NetBackup 8.0 - ET3956989

Package Contents:

OpsCenter_LinuxR_x86_x86_64_80EEB_ET3956989_1.tar.gz RedHat x64 Installation

OpsCenter_LinuxS_x86_x86_64_80EEB_ET3956989_1.tar.gz SuSe x64 Installation

OpsCenter_windows_AMD64_80EEB_ET3956989_1.zip     Windows x64 Installation

Checksums:

2292166567 63429948 all/OpsCenter_windows_AMD64_80EEB_ET3956989_1.zip

3050599381 63435031 all/OpsCenter_LinuxR_x86_x86_64_80EEB_ET3956989_1.tar.gz

1347259780 63435031 all/OpsCenter_LinuxS_x86_x86_64_80EEB_ET3956989_1.tar.gz

NetBackup 8.1 - ET3956947

Package Contents:

OpsCenter_LinuxR_x86_x86_64_81EEB_ET3956947_1.tar.gz  RedHat x64 Installation

OpsCenter_LinuxS_x86_x86_64_81EEB_ET3956947_1.tar.gz  SuSe x64 Installation

OpsCenter_windows_AMD64_81EEB_ET3956947_1.zip         Windows x64 Installation

Checksums:

4001789109 65762412 all/OpsCenter_LinuxR_x86_x86_64_81EEB_ET3956947_1.tar.gz

1822040334 65758117 all/OpsCenter_windows_AMD64_81EEB_ET3956947_1.zip

2462743476 65762412 all/OpsCenter_LinuxS_x86_x86_64_81EEB_ET3956947_1.tar.gz
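
The checksum lines above can be checked against the downloaded packages before installation. This added example (not Veritas code) reads lines in the layout shown on this page and compares them with the files in a download directory; it assumes the two numbers are POSIX cksum output (CRC and byte count), which is what the layout matches, and check_manifest is a name chosen for this example.

```shell
#!/bin/sh
# Added example: verify downloaded EEB packages against checksum lines in the
# layout shown on this page: "<crc> <bytes> all/<file>".
# Assumption: the values are POSIX cksum output (CRC and byte count).

# check_manifest MANIFEST DIR
# Prints OK / MISMATCH / MISSING per listed file; returns 1 if any file fails.
check_manifest() {
    manifest=$1 dir=$2 rc=0
    while read -r want_crc want_size path; do
        [ -n "$want_crc" ] || continue        # skip blank lines
        name=${path##*/}                      # drop the "all/" prefix
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            rc=1
            continue
        fi
        set -- $(cksum < "$dir/$name")        # cksum on stdin prints: crc bytes
        if [ "$1" = "$want_crc" ] && [ "$2" = "$want_size" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $1 $2, want $want_crc $want_size)"
            rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Stand-alone use: sh check_manifest.sh checksums.txt /path/to/downloads
if [ "$#" -eq 2 ]; then
    check_manifest "$1" "$2"
fi
```

cksum is a CRC, so a match rules out a truncated or corrupted download but is not evidence of authenticity.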
