Impact of Shell Shock “CVE-2014-6271” on NetBackup and NetBackup Appliances
Some information contained in this document is forward
looking and as such does not represent a commitment.
Date: Sept 25th 2014
Audience: External
Distribution: External
Type: Statement of Direction
Purpose of this Document
The purpose of this document is to define the impact of Shell Shock, also known as the
Bash Bug (CVE-2014-6271), on NetBackup and NetBackup Appliances.
Disclaimer:
Any information regarding pre-release Symantec offerings, future updates or other planned
modifications is subject to on-going evaluation by Symantec and therefore subject to
change. This information is provided without warranty of any kind, express or implied.
Customers who purchase Symantec offerings should make their purchase decision based
upon features that are currently available.
1. Which versions of bash does this vulnerability affect?
Bash software (versions 4.3 and earlier) on all Linux and Unix Operating Systems.
2. Is there an impact to NetBackup software?
No. It’s not affected.
3. Is there an impact to NetBackup Appliances?
NetBackup Appliances ship an older version of bash and are therefore affected.
With CSP Prevention technology enabled, all appliance software versions 2602 or
higher have minimal impact.
All appliance software versions prior to 2602 are impacted.
An EEB will be posted by 9/30 or sooner for all appliance software versions.
4. Which versions of NetBackup & NetBackup Appliances are impacted by this
vulnerability?
Component               Version                      Impact?
NetBackup               7.6 / 7.6.0.1                No
NetBackup               Versions prior to 7.6        No
NetBackup Appliances    2.6.0.2 and higher           Yes; minimal
NetBackup Appliances    Versions prior to 2.6.0.2    Yes
PureDisk Appliances     Versions 1.4.x               Yes
5. Which release will the fix be introduced in?
NetBackup Software
The bash shipped in the NetBackup vCenter Plugin (VCP) is not exploitable, but it will be
patched in a future release so that vulnerability scanners no longer flag it.
NetBackup Appliances
The fix for this vulnerability is targeted for the NetBackup Appliances 2.6.0.4 and
2.6.1 releases. However, it is recommended to download the patch and apply it
on all platforms.
6. If I have additional concerns who can I contact?
You may contact your Symantec authorized reseller/partner or Symantec
support.
SYMANTEC PROPRIETARY/CONFIDENTIAL –
Copyright © 2014 Symantec Corporation. All rights reserved.