NetBackup Appliance models 5230, 5240, 5330, and 5340 with software versions 2.7.1 and later are affected by the following issue:
- CVE-2017-5715 (Spectre Variant 2)
CVSS Base Score: 5.6
Systems with microprocessors that utilize speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access through a side-channel analysis.
Note: NetBackup and OpsCenter software applications are not affected by this issue.
Security scanners and similar tools that validate Meltdown and Spectre vulnerabilities will report that NetBackup appliances are affected by this vulnerability for Variant 2 on all of the described hardware models.
NetBackup Appliance models 5230, 5240, 5330, and 5340 use BIOS and kernel versions that are vulnerable to the problems described in CVE-2017-5715.
An Emergency Engineering Binary (EEB) is available to fix the Spectre Variant 2 vulnerability for NetBackup appliance software versions 3.1.1 and 3.1.2.
Before EEB installation, note the following:
- This EEB enables the fix for the Spectre Variant 2 vulnerability on an appliance and may adversely impact appliance performance. After installing this EEB, rolling it back disables the vulnerability fix and mitigates the performance issues, if any. Before you install this EEB, consider whether performance or security is more important for your environment. For better security, install the EEB. To maintain the current appliance performance level, do not install the EEB.
- For appliances with software version 3.1.2, a BIOS update is not required to fix this vulnerability. The EEB (NBAPP_EEB_ET3957544-220.127.116.11-1.x86_64.rpm) is all that is required. The EEB is attached to this article.
- For appliances with software version 3.1.1, a BIOS update is required before you install the EEB (NBAPP_EEB_ET3958702-18.104.22.168-1.x86_64.rpm) to fix the Spectre Variant 2 vulnerability. The EEB is attached to this article. If the BIOS version on the appliance does not meet the minimum required version, the EEB installation fails. The BIOS update is available in the form of another EEB for NetBackup Appliance software version 3.1.1. You can obtain this EEB from the following link:
Caution: Do not install the BIOS update EEB after installing the Spectre Variant 2 fix EEB. Otherwise, the Spectre Variant 2 fix will be disabled.
- To avoid an EEB installation failure, you must stop all NetBackup jobs before installing the EEB.
- This EEB must be installed on both the master server appliance and all associated media server appliances.
- A reboot occurs automatically at the end of EEB installation.
For instructions on installing EEBs, see the link under Related Knowledge Base Articles.
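A check an administrator might run before and after installing (or rolling back) the EEB, added here as an example that is not part of the Veritas article or the EEB. It reads the Spectre Variant 2 status line that patched Linux kernels report in sysfs; it assumes the appliance kernel exposes that file and that you have a shell on the appliance, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the kernel's own Spectre Variant 2 status report.
# Assumption: the appliance kernel exposes the standard Linux sysfs file below.
SPECTRE_V2_SYSFS="${SPECTRE_V2_SYSFS:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}"

# classify_spectre_v2 STATUS_LINE
# Prints one of: mitigated | vulnerable | not_affected | unknown
classify_spectre_v2() {
    case "$1" in
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        "Not affected"*) echo not_affected ;;
        *)               echo unknown ;;
    esac
}

# spectre_v2_state [FILE]
# Reads the first line of the status file and classifies it. A missing or
# unreadable file means the kernel predates this reporting interface, so the
# state cannot be confirmed and is reported as unknown rather than as safe.
spectre_v2_state() {
    sv2_file="${1:-$SPECTRE_V2_SYSFS}"
    sv2_line=""
    if [ -r "$sv2_file" ]; then
        # read returns non-zero on a final line without newline; keep the data
        IFS= read -r sv2_line < "$sv2_file" || true
        classify_spectre_v2 "$sv2_line"
    else
        echo unknown
    fi
}

# Report the state of the host this script runs on.
echo "spectre_v2: $(spectre_v2_state)"
```

A result of `mitigated` after the EEB reboot, and `vulnerable` or `unknown` after a rollback, matches the behaviour the notes above describe.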
Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned in this article. Veritas is committed to product quality and satisfied customers.
Related Knowledge Base Articles