Summary
A vulnerability was discovered in Veritas NetBackup 10.3.0.1, and prior versions, where Veritas Alta Recovery Vault is used as an immutable storage target. The tech alert information will be added here when available. It is required that all NetBackup/ADP Media Servers are patched according to current guidelines to avoid disruption to backups. Please contact Veritas Technical Support to ensure that you have applied the appropriate EEBs for your environment.
| Service | NetBackup/ADP Versions Affected | Fixed Version | Remediation |
|---|---|---|---|
| Alta Recovery Vault Azure (standard and archive tiers) | 10.3.0.1, 10.3, 10.2.0.1, 10.2, 10.1.1, 10.1, 10.0.0.1 | 10.4 | Please upgrade your environment to NetBackup 10.4 or if you wish to remain on an older version, contact Veritas Technical Support to ensure that the required EEBs are applied correctly to your environment. |
| Alta Recovery Vault AWS (standard and archive tiers) | 10.3.0.1, 10.3, 10.2.0.1, 10.2, 10.1.1, 10.1, 10.0.0.1, 10.0, 9.1.0.1 | 10.4 | |
Issue
Overview
By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. With Alta Recovery Vault, it is intended that only Veritas has cloud administrator privileges and that no end users have the ability to unlock backups that are marked as indelible. This vulnerability allowed a NetBackup administrator to modify the expiration of backups under Governance mode, which could cause premature deletion.
Severity: Medium
https://www.veritas.com/support/en_US/security/VTS24-004
Prerequisites
A user with the NetBackup Administrator role accesses the NetBackup servers and performs the operation to modify the expiration of Governance mode images in the cloud storage.
Affected Versions
Veritas NetBackup 10.3.0.1, 10.3, 10.2.0.1, 10.2, 10.1.1, 10.1, 10.0.0.1, 10.0, 9.1.0.1
Remediation
This vulnerability has already been remediated on all Veritas Alta Recovery Vault cloud accounts. Users of affected versions of NetBackup/ADP must update their systems immediately; failure to do so will cause any backups or duplications targeted for Recovery Vault to fail. Customers that upgrade to NetBackup 10.4 will require no further action. Customers running earlier versions of NetBackup are advised to apply the EEBs identified in the table below:
| NetBackup/ADP Version | EEB ID & Download Link |
|---|---|
| NBU 9.1.0.1 | |
| NBU 10.0 | Contact Support for Hotfix 4069637 |
| NBU 10.0.0.1 | |
| NBU 10.1 | Contact Support for Hotfix 4090334 |
| NBU 10.1.1 | |
| NBU 10.2 | Contact Support for Hotfix 4114925 |
| NBU 10.2.0.1 | |
| NBU 10.3 | Contact Support for Hotfix 4140861 |
| NBU 10.3.0.1 | |
Questions
For questions or problems regarding these vulnerabilities, please contact Veritas Technical Support (https://www.veritas.com/support).
Disclaimer
THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.