Veritas advisory VTS20-013 was released giving details on how CVE-2020-36164 affected Enterprise Vault (EV) servers. If a server has the EV SMTP service installed, a mitigation is required for versions prior to 12.5.3 and 14.0.1.
Determine EV installation drive
Determine the Enterprise Vault installation drive. This is the drive containing the EV installation folder where the application binaries reside.
For our example, EV is installed on the D: drive.
Determine Windows system drive
Determine the Windows system drive. This is the drive where Windows is installed. Typically Windows is installed to
For our example, Windows is installed on the C: drive
For each distinct drive identified above, create the following folder if it does not exist:
In our example, we have 2 drives that need the path: c: and d:, so we create:
Set Permissions on folders
Now we need to restrict permissions on each of the
ssl folders from the previous step. One way to do this is with Windows Explorer. Right click the
ssl folder and select properties and select the Security tab. Then select the advanced button and a windows similar to this will appear:
Select Disable inheritance and remove all inheritable permissions when prompted:
Then add Full control - Allow entries for the following accounts using the Add button:
1) The Vault Service account or other local administrator account
3) The local administrators group
The first step when adding entries is to use the Select a principal dialog, to find the accounts needed.
Entries should look similar to:
When done it will look similar to:
Then apply the changes.
Was this content helpful?
Rating submitted. Please provide additional feedback (optional):