Remote Code Execution vulnerability (article 100000481)
Abstract
Description
Unauthenticated users can execute arbitrary commands as root.
CVE ID: CVE-2017-8859
Severity: Critical
CVSS v3 Base Score: 9.8
Remote Code Execution (RCE) allows an unauthenticated attacker to gain remote access through the NetBackup Appliance Web Console.
Using a combination of special characters, an attacker can execute commands as the root user on the underlying operating system, which calls the internal scripts.
This patch contains security enhancements to prevent the RCE vulnerability in NetBackup appliances, along with the fix for CVE-2016-7399.
Note: This vulnerability does not affect NetBackup software or OpsCenter.
Action Required
Emergency Engineering Binaries (EEBs) are available for these security enhancements for the following NetBackup appliance release versions:
2.7.3, 3.0
NetBackup Appliance release 3.1 includes the fix for this vulnerability.
Apply the appropriate EEB for your version.
Update files
File name | Description | Version | Platform | Size |
---|---|---|---|---|