Quantcast
Channel: Veeam Support Knowledge Base
Viewing all articles
Browse latest Browse all 4362

Vulnerability Scanner Detection Related to CVE-2023-38545

December 11, 2023, 4:00 pm
$
0
0

Vulnerability Scanner Detection Related to CVE-2023-38545

KB ID: 4523
Product: Veeam Backup & Replication
Veeam Agent for Microsoft Windows
Veeam Agent for Linux
Veeam Cloud Connect
Published: 2023-12-12
Last Modified: 2023-12-12

Purpose

This Veeam KB article was created to address customers' concerns about the detection of libcurl by their security software on machines where the Veeam Transport Service is installed. Libcurl is a component of VMware VDDK (Virtual Disk Development Kit), which Veeam Backup & Replication redistributes to be able to protect VMware vSphere environments. Veeam Backup & Replication includes VDDK with the Veeam Transport Service package, which is deployed on managed machines for data movement purposes. A single Veeam Transport package is used for all situations where any portion of the Veeam Transport Services capabilities would be needed. Therefore, any server with the Veeam Transport Service installed will have VDDK libraries, regardless of whether the machine is part of a VMware vSphere backup infrastructure.
In October of 2023, a vulnerability (CVE-2023-38545) involving curl and libcurl was made public. Full details regarding this vulnerability can be found in the articles listed below.
The crucial takeaway is that this vulnerability involves curl/libcurl and the SOCKS5 proxy handshake process. Therefore, because Veeam Backup & Replication does not use the SOCKS5 protocol for communication between its components nor with any external services, Veeam Backup & Replication is not impacted by this vulnerability.

Impact Statement

Veeam Backup & Replication is not vulnerable to CVE-2023-38545 because Veeam Backup & Replication does not use SOCKS5 protocol.

False Positive Alerts

Vulnerability detection software may issue false positive alerts based merely on the fact that the libcurl library file is present on a machine where the Veeam Transport Service has been deployed. Below is a list of component roles where Veeam Backup & Replication deploys the Veeam Transport Service for data movement purposes, meaning that the libcurl file contained in the VDDK libraries will also be found on servers holding these roles:

False Positive Alert Mitigation

Mitigation Explanation

Mitigation involves the removal of VDDK, which contains the libcurl library, from machines where it is not needed. It is crucial that VDDK not be removed from any machine with a role that requires the capability to communicate with the VMware vSphere environment. 

Roles where VDDK must not be removed as it would impact the ability to communicate with the VMware vSphere environment:

  • Veeam Backup Server
  • VMware Backup Proxy
  • Guest Interaction Proxy
  • CDP Proxy

Please note that the presence of VDDK on any other Veeam components or on protected machines that do not carry the above roles does not represent even a theoretical threat because VDDK is never used or called from the Veeam code on those machines.

VDDK Library Must Remain on VMware Backup Proxies
Do not remove the VDDK libraries from VMware Backup Proxies. Removing the VDDK libraries from a VMware Backup Proxy will cause operations that attempt to use that proxy to communicate with VMware vSphere to fail with the error documented in KB2678.
Veeam Transport Redeployment
If the Veeam Transport package is reinstalled, either manually or as a result of an upgrade, the VDDK libraries will be reinstalled and will have to be removed again.

Implementation of Mitigation

If you have any questions or concerns, please do not hesitate to create a Veeam Support case.

 

For each machine that your security software has alerted to the presence of the libcurl library:

  1. Review whether the machine is a part of the VMware vSphere backup infrastructure.
    Reference the list of roles within the Mitigation Explanation section above.
  2. If the machine does not carry one of those roles, use the commands below to remove the VDDK libraries that contain the libcurl library.

Linux Machines

To remove the VDDK libraries on a Linux machine, use the following command:

sudo rm -rf /opt/veeam/transport/vddk*

Windows Machines

To remove the VDDK libraries from a Windows machine, use the following commands:

Remove-Item -Recurse -Force "C:\Program Files (x86)\Veeam\Backup Transport\x64\vddk*"
Remove-Item -Recurse -Force "C:\Program Files (x86)\Veeam\Backup Transport\x64\vix"
Remove-Item -Recurse -Force "C:\Program Files (x86)\Veeam\Backup Transport\x86\vix"

More Information

Veeam plans to update VDDK versions to the ones with a non-vulnerable version of libcurl once the updated VDDK versions are made available by the VDDK supplier (VMware).
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Search
Viewing all articles
Browse latest Browse all 4362

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

January 5, 2014, 10:34 pm

Ominde Commission Report and Recommendations – Ominde Report of 1964

March 16, 2015, 5:14 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

March 26, 2017, 11:23 pm

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

October 17, 2016, 7:20 am

Mp3 Download: Mdu - Kunjenjenjena

December 7, 2017, 8:16 am

How the kill the job , when DTP request running for long hours.

July 26, 2013, 2:41 am

Microsoft Intune から展開しているアプリのアップデートについて

October 17, 2016, 4:11 am

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

September 1, 2017, 10:00 pm

Car crash in Dunton Bassett leaves driver in critical condition

October 7, 2014, 7:51 am

Macky 2, Two Others In Road Accident

March 29, 2015, 5:34 am

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

May 14, 2015, 11:27 pm

Detroit mafia: D’Anna Brothers agree to plea deal

April 21, 2016, 6:56 am

Delivery block field greyed out using VA02

January 26, 2016, 2:52 pm

Muloraki Au

June 22, 2016, 1:44 am

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出w【リベンジポルノ】@PornHub

October 12, 2017, 2:23 pm

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

February 9, 2018, 4:56 am

FIAT 500 B0111 B0112

July 5, 2018, 10:31 am
Search