Revisions

1.0: May 7, 2017: Initial release
1.1: May 9, 2017: Added CVEs
1.2: Nov 2, 2017: Remove link that no longer works

 

Summary

Multiple vulnerabilities in Veritas NetBackup and Veritas NetBackup Appliance.

 

Issue Description Severity Fixed Version NetBackup
Fixed Version Appliance

1

Unauthenticated, arbitrary remote command execution through 'bprd'

Critical

7 May EEB for 7.7.2,
Hotfix for 7.7.3
and 8.0

7 May EEB for 2.7.2,
Hotfix for 2.7.3
and 3.0

2

Unauthenticated file copy and arbitrary remote command execution using 'bprd'

Critical

7 May EEB for 7.7.2,
Hotfix for 7.7.3
and 8.0

7 May EEB for 2.7.2,
Hotfix for 2.7.3
and 3.0

3

Unauthenticated privileged remote file write using 'bprd'

Critical

7 May EEB for 7.7.2,
Hotfix for 7.7.3
and 8.0

7 May EEB for 2.7.2,
Hotfix for 2.7.3
and 3.0

 

Issues

Issue #1

Unauthenticated, arbitrary remote command execution using 'bprd'

CVE ID: CVE-2017-8856
Severity: Critical
CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

The 'bprd' process on a master server allows unauthenticated, arbitrary remote command execution. This bypasses directory whitelisting, permitting any command on the system to be executed as root/administrator.

This vulnerability only affects NetBackup Master Servers, it does not affect Media Servers or Clients.

Affected Products

  • NetBackup 8.0 and earlier
  • NetBackup Appliance 3.0 and earlier

 

Issue #2

Unauthenticated file copy and arbitrary remote command execution using 'bprd'

CVE ID: CVE-2017-8857
Severity: Critical
CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

The 'bprd' process on a master server allows an unauthenticated user to copy any file to any other file on any NetBackup host in the master server domain. This file can then be executed as root/administrator.

This vulnerability is only in NetBackup Master Servers, it is not in Media Servers or Clients. However, an attacker can use this vulnerability to affect Media Servers and Clients.

Affected Products

  • NetBackup 8.0 and earlier
  • NetBackup Appliance 3.0 and earlier

 

Issue 3

Unauthenticated privileged remote file write using 'bprd'

CVE ID: CVE-2017-8858
Severity: Critical
CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

The 'bprd' process on a master server allows an unauthenticated user to write to any file on any NetBackup host in the master server domain.  By default, this includes the file that contains the list of whitelisted directories thereby allowing an attacker to write to any file on the target system.  When combined with Issue #2 above this allows an attacker to write a new executable to the target system and then execute it.

This vulnerability only affects NetBackup Master Servers, it does not affect Media Servers or Clients.

Affected Products

  • NetBackup 8.0 and earlier
  • NetBackup Appliance 3.0 and earlier

 

Questions

If you have any questions about any information in this security advisory please contact Veritas technical support.

 

References

 

Acknowledgement

Veritas would like to thank Sven Blumenstein and Xiaoran Wang from the Google Security Team for reporting these vulnerabilities.

 

Best Practices

As part of normal best practices, Veritas recommends that customers:

  • Restrict access of administration or management systems to privileged users.
  • Restrict remote access, if required, to trusted/authorized systems only.
  • Keep all operating systems and applications updated with the latest vendor patches.
  • Follow a multi-layered approach to security. Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
  • Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities

 

Disclaimer

THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Veritas Technologies LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Veritas Technologies LLC
500 East Middlefield Road
Mountain View, CA 94043

http://www.veritas.com/

 

© 2017 Veritas Technologies LLC. All rights reserved. Veritas, the Veritas Logo, and NetBackup are trademarks or registered trademarks of Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Revisions

1.0: May 7, 2017: Initial release
1.1: May 9, 2017: Added CVEs
1.2: Nov 2, 2017: Remove link that no longer works

 

Summary

Multiple vulnerabilities in Veritas NetBackup and Veritas NetBackup Appliance.

 

Issue Description Severity Fixed Version NetBackup
Fixed Version Appliance

1

Unauthenticated, arbitrary remote command execution through 'bprd'

Critical

7 May EEB for 7.7.2,
Hotfix for 7.7.3
and 8.0

7 May EEB for 2.7.2,
Hotfix for 2.7.3
and 3.0

2

Unauthenticated file copy and arbitrary remote command execution using 'bprd'

Critical

7 May EEB for 7.7.2,
Hotfix for 7.7.3
and 8.0

7 May EEB for 2.7.2,
Hotfix for 2.7.3
and 3.0

3

Unauthenticated privileged remote file write using 'bprd'

Critical

7 May EEB for 7.7.2,
Hotfix for 7.7.3
and 8.0

7 May EEB for 2.7.2,
Hotfix for 2.7.3
and 3.0

 

Issues

Issue #1

Unauthenticated, arbitrary remote command execution using 'bprd'

CVE ID: CVE-2017-8856
Severity: Critical
CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

The 'bprd' process on a master server allows unauthenticated, arbitrary remote command execution. This bypasses directory whitelisting, permitting any command on the system to be executed as root/administrator.

This vulnerability only affects NetBackup Master Servers, it does not affect Media Servers or Clients.

Affected Products

  • NetBackup 8.0 and earlier
  • NetBackup Appliance 3.0 and earlier

 

Issue #2

Unauthenticated file copy and arbitrary remote command execution using 'bprd'

CVE ID: CVE-2017-8857
Severity: Critical
CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

The 'bprd' process on a master server allows an unauthenticated user to copy any file to any other file on any NetBackup host in the master server domain. This file can then be executed as root/administrator.

This vulnerability is only in NetBackup Master Servers, it is not in Media Servers or Clients. However, an attacker can use this vulnerability to affect Media Servers and Clients.

Affected Products

  • NetBackup 8.0 and earlier
  • NetBackup Appliance 3.0 and earlier

 

Issue 3

Unauthenticated privileged remote file write using 'bprd'

CVE ID: CVE-2017-8858
Severity: Critical
CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

The 'bprd' process on a master server allows an unauthenticated user to write to any file on any NetBackup host in the master server domain.  By default, this includes the file that contains the list of whitelisted directories thereby allowing an attacker to write to any file on the target system.  When combined with Issue #2 above this allows an attacker to write a new executable to the target system and then execute it.

This vulnerability only affects NetBackup Master Servers, it does not affect Media Servers or Clients.

Affected Products

  • NetBackup 8.0 and earlier
  • NetBackup Appliance 3.0 and earlier

 

Questions

If you have any questions about any information in this security advisory please contact Veritas technical support.

 

References

 

Acknowledgement

Veritas would like to thank Sven Blumenstein and Xiaoran Wang from the Google Security Team for reporting these vulnerabilities.

 

Best Practices

As part of normal best practices, Veritas recommends that customers:

  • Restrict access of administration or management systems to privileged users.
  • Restrict remote access, if required, to trusted/authorized systems only.
  • Keep all operating systems and applications updated with the latest vendor patches.
  • Follow a multi-layered approach to security. Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
  • Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities

 

Disclaimer

THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Veritas Technologies LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Veritas Technologies LLC
500 East Middlefield Road
Mountain View, CA 94043

http://www.veritas.com/

 

© 2017 Veritas Technologies LLC. All rights reserved. Veritas, the Veritas Logo, and NetBackup are trademarks or registered trademarks of Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.