Spectre vulnerability (Variant 2 - CVE-2017-5715) on NetBackup Appliances (article 100043541)

HotFix Critical

Abstract

Resolves the vulnerability on NetBackup Appliance models 5230, 5240, 5330, and 5340, which use BIOS and kernel versions that are vulnerable to the problems described in CVE-2017-5715.

Description

Problem

NetBackup Appliance models 5230, 5240, 5330, and 5340 with software versions 2.7.1 and later are affected by the following issue:

  • CVE-2017-5715 (Spectre Variant 2)
  • CVSS Base Score: 5.6
  • Systems with microprocessors that utilize speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access through a side-channel analysis.


Note: NetBackup and OpsCenter software applications are not affected by this issue.


Error Message

Security scanners and similar tools that validate Meltdown and Spectre vulnerabilities will report that NetBackup appliances are affected by this vulnerability for Variant 2 on all of the described hardware models.


Cause

NetBackup Appliance models 5230, 5240, 5330, and 5340 use BIOS and kernel versions that are vulnerable to the problems described in CVE-2017-5715.

Read me


HotFix: Critical

Update ID: UPD178963

Version: 3.1.2 / 3.1.1

Platform: Appliance

Release date: 2018-10-25


Solution

An Emergency Engineering Binary (EEB) is available to fix the Spectre Variant 2 vulnerability for NetBackup Appliance software versions 3.1.1, 3.1.2 and 3.2.

Before EEB installation, note the following:

  • This EEB enables the fix for the Spectre Variant 2 vulnerability on an appliance and may adversely impact appliance performance. After installing this EEB, rolling it back disables the vulnerability fix and mitigates the performance issues, if any. Before you install this EEB, consider whether performance or security is more important for your environment. For better security, install the EEB. To maintain the current appliance performance level, do not install the EEB.
  • Before you install the EEB on appliances with software version 3.2, you must first verify that the appliance uses the minimum required BIOS version by using the command Manage > Software > Firmware Status. The minimum required versions are as follows:
      • 5340 - BIOS: SE5C620.86B.00.01.0014
      • 5240 - BIOS: SE5C610.86B.01.01.0028
      • 5230/5330 - BIOS: SE5C600.86B.02.06.0007

    If any appliance uses an earlier version of the BIOS, you must first update the BIOS to the minimum required version by using the firmware update tool. For details and to obtain the tool, see the following article: https://www.veritas.com/support/en_US/article.100046032

  • For appliances with software version 3.1.2, a BIOS update is not required to fix this vulnerability. The EEB (NBAPP_EEB_ET3957544-3.1.2.0-1.x86_64.rpm) is all that is required. The EEB is attached to this article.
  • For appliances with software version 3.1.1, a BIOS update is required before you install the EEB (NBAPP_EEB_ET3958702-3.1.1.0-1.x86_64.rpm) to fix the Spectre Variant 2 vulnerability. The EEB is attached to this article. If the BIOS version on the appliance does not meet the minimum required version, the EEB installation fails. The BIOS update is available in the form of another EEB for NetBackup Appliance software version 3.1.1. You can obtain this EEB from the following link: https://www.veritas.com/support/en_US/article.100044095
  • Caution: Do not install the BIOS update EEB after installing the Spectre Variant 2 fix EEB. Otherwise, the Spectre Variant 2 fix will be disabled.
  • To avoid an EEB installation failure, you must stop all NetBackup jobs before installing the EEB.
  • This EEB must be installed on both the master server appliance and all associated media server appliances.
  • A reboot occurs automatically at the end of EEB installation.


For instructions on installing EEBs, see the link under Related Knowledge Base Articles.
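
The BIOS prerequisite for software version 3.2 can be checked across a fleet before the maintenance window. The following is an added example, not Veritas code: the function names and the inventory are hypothetical, the BIOS strings are assumed to be copied by hand from Manage > Software > Firmware Status, and the three trailing numeric fields are assumed to order versions when compared left to right.

```python
# Added example: pre-install BIOS gate for the Spectre Variant 2 EEB.
# Minimum versions are the ones this article lists for software version 3.2.
MIN_BIOS = {
    "5340": "SE5C620.86B.00.01.0014",
    "5240": "SE5C610.86B.01.01.0028",
    "5230": "SE5C600.86B.02.06.0007",
    "5330": "SE5C600.86B.02.06.0007",
}


def parse_bios(version):
    """Split 'SE5C620.86B.00.01.0014' into ('SE5C620.86B', (0, 1, 14)).

    Assumption: the last three dot-separated fields are numeric and
    order versions when compared left to right.
    """
    parts = version.strip().split(".")
    if len(parts) != 5 or not all(p.isdigit() for p in parts[2:]):
        raise ValueError(f"unrecognized BIOS version string: {version!r}")
    return ".".join(parts[:2]).upper(), tuple(int(p) for p in parts[2:])


def bios_gate(model, reported_bios):
    """Return (ok, message) for one appliance before EEB installation."""
    if model not in MIN_BIOS:
        return False, f"model {model} is not covered by this article"
    want_family, want_num = parse_bios(MIN_BIOS[model])
    try:
        have_family, have_num = parse_bios(reported_bios)
    except ValueError as exc:
        return False, str(exc)
    if have_family != want_family:
        # Wrong board family: the string was mistyped or read from another unit.
        return False, f"BIOS family {have_family} does not match {want_family}"
    if have_num < want_num:
        return False, f"update BIOS to at least {MIN_BIOS[model]} first"
    return True, "BIOS meets the minimum; EEB can be installed"


if __name__ == "__main__":
    # Constructed inventory: (hostname, model, BIOS string from Firmware Status)
    inventory = [
        ("master01", "5340", "SE5C620.86B.00.01.0014"),
        ("media01", "5240", "SE5C610.86B.01.01.0016"),
        ("media02", "5330", "SE5C600.86B.02.06.0007"),
    ]
    for host, model, bios in inventory:
        ok, msg = bios_gate(model, bios)
        print(f"{host} ({model}): {'OK' if ok else 'BLOCK'} - {msg}")
```

Run the gate for the master server appliance and every associated media server appliance, since the EEB must be installed on all of them.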


Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned in this article. Veritas is committed to product quality and satisfied customers.
