Apache Struts vulnerability in NetBackup OpsCenter - CVE-2018-11776

  • Article ID: 100043979
  • Last Published:
  • Product(s): NetBackup

Problem

CVE-2018-11776

Security Impact: Critical

NetBackup OpsCenter software versions 8.1.1 and earlier include versions of Apache Struts that are vulnerable to remote code execution.

A hotfix is available for NetBackup 7.7.3, 8.1 and 8.1.1 which resolves this problem. These hotfixes can be downloaded for each version at the bottom of this article.

Error Message

Security scanners may report this issue as a critical severity vulnerability for Apache Struts packages used on NetBackup OpsCenter.

Cause

Statement from NIST:

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using URL tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace.

Solution

Hotfix EEBs to update Apache Struts on NetBackup OpsCenter servers for 7.7.3, 8.1, and 8.1.1 are available for download below. The formal resolution for this issue in these ETracks will be included in NetBackup OpsCenter 8.1.3.

Installation

*** Standalone OpsCenter Installation ***

1) Stop all OpsCenter server processes

2) Extract the appropriate EEB package for your operating system

3) Change to the folder where the EEB package was extracted

4) Run the EEB installer, passing the base directory of the server installation in quotes:

   OpsCenterEEBInstaller.bat -server base_directory_of_server_installation_in_quotes

   Eg: OpsCenterEEBInstaller.bat -server "C:\Program Files\Veritas"

5) Start all OpsCenter server processes

*** Clustered OpsCenter Installation ***
*** IT IS MANDATORY TO FOLLOW ALL THE STEPS FOR CLUSTERED OPSCENTER ***

1) Log on to the OpsCenter cluster as a user with administrator privileges

2) Make sure that the shared disk is not mounted on any node in the cluster

   If applicable, unmount the OpsCenter shared mount point. Stop the volume the mount point is on and deport the disk group for that volume on all nodes of the cluster

3) Offline the OpsCenter server resource by using the cluster GUI or with the following command:

   hares -offline <opscenter server resource name> -sys <node>

4) Freeze the OpsCenter group by using the cluster GUI or with the following command:

   hagrp -freeze <OpsCenter group name> -persistent -sys <node>

5) Stop the NetBackup OpsCenter cluster agent on all nodes of the OpsCenter group by using the cluster GUI or with the following command:

   haagent -stop NetBackupOpsCenterVCS -force -sys <node>

6) Log on to the primary node and install the EEB

   Extract the appropriate EEB package for your operating system
   Change to the folder where the EEB package was extracted
   OpsCenterEEBInstaller.bat -server base_directory_of_server_installation_in_quotes

   Eg: OpsCenterEEBInstaller.bat -server "C:\Program Files\Veritas"

7) After installing the EEB on the primary node, log on to each non-primary node and install the EEB on all the non-primary nodes

   Extract the appropriate EEB package for your operating system
   Change to the folder where the EEB package was extracted
   OpsCenterEEBInstaller.bat -server base_directory_of_server_installation_in_quotes

   Eg: OpsCenterEEBInstaller.bat -server "C:\Program Files\Veritas"

   NOTE: While installing the EEB on the primary and non-primary nodes, the EEB installer script may show errors/warnings:

   'unable to restart opscenter services' or
   'The dependency service or group failed to start'

   These errors/warnings can safely be ignored; proceed with the remaining steps of the EEB installation.

8) After installing the EEB on all nodes, start the NetBackup OpsCenter cluster agent on each node by using the cluster GUI or with the following command:

   haagent -start NetBackupOpsCenterVCS -sys <node>

9) Unfreeze the OpsCenter VCS group by using the cluster GUI or with the following command:

   hagrp -unfreeze <OpsCenter group name> -persistent -sys <node>


Packages

NetBackup 7.7.3 - ET3956949

Package Contents:

OpsCenter_LinuxR_x86_x86_64_773EEB_ET3956949_1.tar.gz   RedHat x64 Installation
OpsCenter_LinuxS_x86_x86_64_773EEB_ET3956949_1.tar.gz   SuSe x64 Installation
OpsCenter_windows_AMD64_773EEB_ET3956949_1.zip          Windows x64 Installation

Checksums:
2981409260 63402833 all/OpsCenter_windows_AMD64_773EEB_ET3956949_1.zip
930242101 63408834 all/OpsCenter_LinuxS_x86_x86_64_773EEB_ET3956949_1.tar.gz
3011436093 63408834 all/OpsCenter_LinuxR_x86_x86_64_773EEB_ET3956949_1.tar.gz

NetBackup 8.0 - ET3956989

Package Contents:

OpsCenter_LinuxR_x86_x86_64_80EEB_ET3956989_1.tar.gz    RedHat x64 Installation
OpsCenter_LinuxS_x86_x86_64_80EEB_ET3956989_1.tar.gz    SuSe x64 Installation
OpsCenter_windows_AMD64_80EEB_ET3956989_1.zip           Windows x64 Installation

Checksums:
2292166567 63429948 all/OpsCenter_windows_AMD64_80EEB_ET3956989_1.zip
3050599381 63435031 all/OpsCenter_LinuxR_x86_x86_64_80EEB_ET3956989_1.tar.gz
1347259780 63435031 all/OpsCenter_LinuxS_x86_x86_64_80EEB_ET3956989_1.tar.gz

NetBackup 8.1 - ET3956947

Package Contents:

OpsCenter_LinuxR_x86_x86_64_81EEB_ET3956947_1.tar.gz   RedHat x64 Installation
OpsCenter_LinuxS_x86_x86_64_81EEB_ET3956947_1.tar.gz   SuSe x64 Installation
OpsCenter_windows_AMD64_81EEB_ET3956947_1.zip          Windows x64 Installation

Checksums:
4001789109 65762412 all/OpsCenter_LinuxR_x86_x86_64_81EEB_ET3956947_1.tar.gz
1822040334 65758117 all/OpsCenter_windows_AMD64_81EEB_ET3956947_1.zip
2462743476 65762412 all/OpsCenter_LinuxS_x86_x86_64_81EEB_ET3956947_1.tar.gz

NetBackup 8.1.1 - ET3956937

Package Contents:

OpsCenter_LinuxR_x86_x86_64_811EEB_ET3956937_1.tar.gz   RedHat x64 Installation
OpsCenter_LinuxS_x86_x86_64_811EEB_ET3956937_1.tar.gz   SuSe x64 Installation
OpsCenter_windows_AMD64_811EEB_ET3956937_1.zip          Windows x64 Installation

Checksums:
2152343143 65873391 all/OpsCenter_LinuxS_x86_x86_64_811EEB_ET3956937_1.tar.gz
4030837453 65869216 all/OpsCenter_windows_AMD64_811EEB_ET3956937_1.zip
231867657 65873385 all/OpsCenter_LinuxR_x86_x86_64_811EEB_ET3956937_1.tar.gz
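The "Checksums" lines above give a CRC, a byte count and a file name for each package. The following shell script is an added example for checking a downloaded EEB package against those lines before extracting it; it is not Veritas code and is not part of the article. It assumes the listed triples are in the output format of the POSIX `cksum` utility (CRC, size in bytes, path) and that the script is run from the directory holding the downloaded files (the leading `all/` is stripped from each path).

```shell
#!/bin/sh
# Added example (not from the Veritas article): verify downloaded OpsCenter EEB
# packages against the CRC/size pairs published in the "Checksums" sections.
# Assumption: those lines are `cksum` output, i.e. "<crc> <size> <path>".

# verify_cksum EXPECTED_CRC EXPECTED_SIZE FILE
# Returns 0 when the file's cksum CRC and byte count both match, 1 otherwise.
verify_cksum() {
    expected_crc="$1"
    expected_size="$2"
    file="$3"

    [ -f "$file" ] || { echo "MISSING $file" >&2; return 1; }

    # cksum prints "<crc> <size> <path>"; keep the first two fields.
    set -- $(cksum "$file")
    actual_crc="$1"
    actual_size="$2"

    if [ "$actual_crc" = "$expected_crc" ] && [ "$actual_size" = "$expected_size" ]; then
        echo "OK      $file"
        return 0
    fi
    echo "FAIL    $file (got crc=$actual_crc size=$actual_size," \
         "want crc=$expected_crc size=$expected_size)" >&2
    return 1
}

# verify_manifest MANIFEST_FILE
# MANIFEST_FILE holds lines copied verbatim from an article "Checksums" block.
# Returns the number of files that failed or were missing (0 means all good).
verify_manifest() {
    manifest="$1"
    failures=0
    while read -r crc size path; do
        [ -n "$crc" ] || continue           # skip blank lines
        verify_cksum "$crc" "$size" "${path#all/}" || failures=$((failures + 1))
    done < "$manifest"
    return "$failures"
}

# Stand-alone use: ./verify_eeb.sh checksums-811.txt
# where checksums-811.txt contains, for example, the article's 8.1.1 lines:
#   2152343143 65873391 all/OpsCenter_LinuxS_x86_x86_64_811EEB_ET3956937_1.tar.gz
if [ "$#" -eq 1 ]; then
    verify_manifest "$1"
fi
```

Run it from the download directory with the manifest as its only argument; a non-zero exit status means at least one package did not match and should not be extracted or installed.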
