Translation Notice
Please note that this content includes text that has been machine-translated from English. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.
NetBackup Appliances Hotfix - Samba vulnerability - CVE-2017-7494 (article 100034094)
Abstract
Description
A remote code execution flaw was found in the Samba versions that are used in the NetBackup Appliances.
Critical
Read me
Problem
CVSS Base Score: 7.5
A remote code execution flaw was found in the Samba versions that are used in the NetBackup Appliances.
A malicious authenticated Samba client, having write access to the Samba share, could use this flaw to execute arbitrary code as root.
NetBackup Appliance software versions 2.7.1 - 3.0 are affected by this vulnerability.
Note: This vulnerability does not affect the NetBackup and OpsCenter software applications.
Error Message
Security scanners will report this issue as a high severity vulnerability for Samba packages used in the NetBackup Appliance.
Cause
NetBackup Appliance software versions 2.7.1 - 3.0 use the affected Samba packages.
Solution
Emergency Engineering Binaries (EEBs) are available to fix this vulnerability on the following releases of the NetBackup appliances:
- 2.7.2, 2.7.3 and 3.0.
Apply the appropriate EEB for your version.
Before installing the EEB, note the following:
- To avoid an EEB installation failure, you must stop all NetBackup jobs before installing the EEB.
- This EEB must be installed on both the master server appliances and all associated media server appliances.
- A reboot is not required after EEB installation.
- If you upgrade your appliance after installing this EEB, you must reinstall the EEB that is associated with the upgraded software version.
Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned in this article. Veritas is committed to product quality and satisfied customers.
- This vulnerability has been fixed in NetBackup Appliance software version 3.1.
Note: To mitigate this vulnerability, NetBackup appliances do not use the Samba packages directly from samba.org. Instead, the appliances use Samba packages that are provided by Red Hat for Red Hat Enterprise Linux (RHEL) Server 6. Click on the following link for more details:
https://access.redhat.com/errata/RHSA-2017:1270
Most security scanners check for this vulnerability by comparing the installed Samba version against the fixed version published by samba.org, not the fixed version published by Red Hat. Even after installing the appropriate EEB, those scanners may still report this vulnerability on a NetBackup appliance. In that scenario, the finding can be treated as a false positive.
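One way to back up a false-positive decision with evidence is to look for the CVE in the package changelog instead of relying on the version string. The script below is an added example, not Veritas code; it assumes shell access on a host where `rpm` is available, and the function names and sample changelog are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage a scanner hit for a backported fix on an RPM-based host.
# Function names and the sample changelog are hypothetical, not from the article.
CVE="CVE-2017-7494"

# Constructed sample in the layout of `rpm -q --changelog samba` output.
# Placeholder versions and bug numbers; not taken from a real appliance.
sample_changelog() {
cat <<'EOF'
* Mon May 22 2017 Example Packager <packager@example.com> - 0:0.0.0-2.example
- resolves: #0000000 - Fix CVE-2017-7494
* Tue Jan 10 2017 Example Packager <packager@example.com> - 0:0.0.0-1.example
- resolves: #0000001 - Unrelated fix
EOF
}

# Print the header of the changelog entry that mentions the CVE.
# Exit status 1 when no entry mentions it.
fix_entry() {  # usage: fix_entry CVE-ID < changelog
  awk -v cve="$1" '
    /^\* / { hdr = $0 }                       # remember the current entry header
    index($0, cve) && hdr != "" { print hdr; found = 1; exit }
    END { exit !found }'
}

# Classify the finding: scanners match upstream version strings, while the
# changelog shows whether the distribution package carries the backported fix.
triage() {  # usage: triage < changelog
  local entry
  if entry=$(fix_entry "$CVE"); then
    echo "backported-fix-present: ${entry#\* }"
  else
    echo "fix-not-found: treat finding as open"
  fi
}

# On a live host (assumption: the package is named samba):
#   rpm -q --changelog samba | triage
```

Keep the printed changelog entry with the scanner exception record so the false-positive decision can be audited later.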
Update files
SYMC_NBAPP_EEB_ET3920125-2.7.2.0-1.x86_64.rpm
SYMC_NBAPP_EEB_ET3920126-2.7.3.0-2.x86_64.rpm
NBAPP_EEB_ET3920127-3.0.0.0-1.x86_64.rpm