VTS22-015 - Hotfix for Security Advisory impacting NetBackup 10.0.0.1 and Appliance 5.0.0.1 Primary and Media Server(Etrack 4093374)

Translation Notice

Please note that this content includes text that has been machine-translated from English. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.

VTS22-015 - Hotfix for Security Advisory impacting NetBackup 10.0.0.1 and Appliance 5.0.0.1 Primary and Media Server(Etrack 4093374)

HotFix Critical

Update ID: UPD391640

Version: 10.0.0.1/5.0.0.1

Platform: Cross-platform

Release date: 2022-11-15

Abstract

VTS22-015 - Security Advisory impacting NetBackup 10.0.0.1 and Appliance 5.0.0.1 Primary and Media Server

Description

Veritas Bug ID: ET 4093374

Issue: VTS22-015 - Security Advisory impacting NetBackup 10.0.0.1 and Appliance 5.0.0.1 Primary and Media Server

Version: NetBackup 10.0.0.1/5.0.0.1

Problem Description: VTS22-015 - Hotfix for Security Advisory impacting NetBackup 10.0.0.1 Appliance 5.0.0.1 Primary and Media Server

Problem Details and Fix: The /usr/openv/java/auth.conf file grants access to functions in the NetBackup Administration Console. This file is created by default with only root having admin rights. This file is present on Primary Servers, Media Servers and Clients.
Unless this file is modified to add non-root users to it to allow those users to manage Primary servers or a Media servers or Clients, the environment is NOT vulnerable, and the fix is not required.

This applies to NetBackup Appliance, Flex appliance, and NetBackup Flex Scale as well if auth.conf is modified on those appliances/instances. Again, with the default non-modified auth.conf, the environment is NOT vulnerable.

The fix updates the vulnerable bpjava binary on the machine the Java Admin UI console connects to.

For more details about auth.conf please see: https://www.veritas.com/content/support/en_US/doc/21733320-149123528-0/v41641695-149123528

Note this affects only Unix-based servers and clients. Windows-based servers and clients are unaffected.

Installation Requires: Close all the JAVA GUI instances connected to the master server before installing the EEB.

Install on: Server (Primary and Media)

Using the NetBackup Emergency Engineering Binary (EEB) installer
https://www.veritas.com/docs/100019405

Installing EEBs on a NetBackup 52x0 / 5330 Appliance
https://www.veritas.com/docs/100023444

Installing EEBs/Add-ons on a NetBackup Flex Appliance
https://www.veritas.com/content/support/en_US/doc/130821112-145890001-0/v137506948-145890001

VTS22-015 Advisory Link
https://www.veritas.com/content/support/en_US/security/VTS22-015

Downloads:
NB_10.0.0.1_ET4093374_1.zip
NBAPP_EEB_ET4093374-5.0.0.1-1.x86_64.rpm
VRTSflex-nb_EEB_ET4093374-10.0.0.1-1.x86_64.rpm
VRTSnbfsapp_nb_EEB_ET4093374-10.0.0.1-1.x86_64.rpm
NB_10_0_0_1_ET4093374_1_README.pdf

Applies to the following product releases

NetBackup 10.0.0.1

Release date: 2022-06-27

End of standard support: 2025-03-28

Sustaining support starts: 2027-03-28

End of support life: 2028-03-28

NetBackup Flex Appliance OS 2.1

Release date: 2021-12-06

End of support life: 2024-12-06

NetBackup Flex Appliance OS 2.0

Release date: 2020-11-04

End of support life: 2023-11-04

Update files

	File name	Description	Version	Platform	Size

Choose an account to download the files you selected.