Vulnerability Scanner Detection Related to CVE-2023-38545

KB ID:	4523
Product:	Veeam Backup & Replication Veeam Agent for Microsoft Windows Veeam Agent for Linux Veeam Cloud Connect
Published:	2023-12-12
Last Modified:	2024-07-01

Veeam Backup & Replication 12.1.2 Release - Article Update

With the release of Veeam Backup & Replication 12.1.2, the VDDK libraries, which contained the libcurl library, are no longer included with the Veeam Transport package. After upgrading, the Veeam Transport Package on remote components will be updated, and the VDDK Library pack will only be deployed on components where it is needed (VMware Backup Proxies).

Additionally, Veeam Backup & Replication 12.1.2 included an updated VDDK library to address the libcurl (CVE-2023-38545) concern.

Impact: The solution section of this article has now been updated to advise that customers upgrade to the latest version of Veeam Backup & Replication.

Purpose

The information below regarding VDDK library inclusion within the Veeam Transport Service is relevant only to versions of Veeam Backup & Replication older than version 12.1.2 (see notice at the top of this article for more information).

This Veeam KB article was created to address customers' concerns about the detection of libcurl by their security software on machines where the Veeam Transport Service is installed. Libcurl is a component of VMware VDDK (Virtual Disk Development Kit), which Veeam Backup & Replication redistributes to be able to protect VMware vSphere environments. Veeam Backup & Replication includes VDDK with the Veeam Transport Service package, which is deployed on managed machines for data movement purposes. A single Veeam Transport package is used for all situations where any portion of the Veeam Transport Services capabilities would be needed. Therefore, any server with the Veeam Transport Service installed will have VDDK libraries, regardless of whether the machine is part of a VMware vSphere backup infrastructure.

In October of 2023, a vulnerability (CVE-2023-38545) involving curl and libcurl was made public. Full details regarding this vulnerability can be found in the articles listed below.

The crucial takeaway is that this vulnerability involves curl/libcurl and the SOCKS5 proxy handshake process. Therefore, because Veeam Backup & Replication does not use the SOCKS5 protocol for communication between its components nor with any external services, Veeam Backup & Replication is not impacted by this vulnerability.

Impact Statement

Veeam Backup & Replication is not vulnerable to CVE-2023-38545 because Veeam Backup & Replication does not use SOCKS5 protocol.

False Positive Alerts

Vulnerability detection software may issue false positive alerts based merely on the fact that the libcurl library file is present on a machine where the Veeam Transport Service has been deployed. Below is a list of component roles where Veeam Backup & Replication deploys the Veeam Transport Service for data movement purposes, meaning that the libcurl file contained in the VDDK libraries will also be found on servers holding these roles:

Solution

The solution is to upgrade to the latest version of Veeam Backup & Replication.

Starting with the release of Veeam Backup & Replication 12.1.2, the VDDK libraries, which contain the libcurl library, are no longer included with the Veeam Transport package. After upgrading, the Veeam Transport Package on remote components will be updated, and the VDDK Library pack will only be deployed on components where it is needed (VMware Backup Proxies).

Additionally, Veeam Backup & Replication 12.1.2 included an updated VDDK library to address the libcurl (CVE-2023-38545) concern.

More Information

Legacy Mitigation Advice

UPGRADE IS RECOMMENDED

The mitigation information below is only relevant to versions of Veeam Backup & Replication older than 12.1.2.

All customers are strongly encouraged to upgrade to the latest version of Veeam Backup & Replication, rather than implement these mitigation methods.

Mitigation Explanation

Mitigation involves the removal of VDDK, which contains the libcurl library, from machines where it is not needed. It is crucial that VDDK not be removed from any machine with a role that requires the capability to communicate with the VMware vSphere environment.

Roles where VDDK must not be removed as it would impact the ability to communicate with the VMware vSphere environment:

Veeam Backup Server
VMware Backup Proxy
Guest Interaction Proxy
CDP Proxy

Please note that the presence of VDDK on any other Veeam components or on protected machines that do not carry the above roles does not represent even a theoretical threat because VDDK is never used or called from the Veeam code on those machines.

VDDK Library Must Remain on VMware Backup Proxies

Do not remove the VDDK libraries from VMware Backup Proxies. Removing the VDDK libraries from a VMware Backup Proxy will cause operations that attempt to use that proxy to communicate with VMware vSphere to fail with the error documented in KB2678.

Veeam Transport Redeployment

If the Veeam Transport package is reinstalled, either manually or as a result of an upgrade, the VDDK libraries will be reinstalled and will have to be removed again.

Implementation of Mitigation

If you have any concerns, upgrade to the latest version of Veeam Backup & Replication.

For each machine that your security software has alerted to the presence of the libcurl library:

Review whether the machine is a part of the VMware vSphere backup infrastructure.
^{Reference the list of roles within the Mitigation Explanation section above.}
If the machine does not carry one of those roles, use the commands below to remove the VDDK libraries that contain the libcurl library.

Linux Machines

To remove the VDDK libraries on a Linux machine, use the following command:

sudo rm -rf /opt/veeam/transport/vddk*

Windows Machines

To remove the VDDK libraries from a Windows machine, use the following commands:

Remove-Item -Recurse -Force "C:\Program Files (x86)\Veeam\Backup Transport\x64\vddk*"
Remove-Item -Recurse -Force "C:\Program Files (x86)\Veeam\Backup Transport\x64\vix"
Remove-Item -Recurse -Force "C:\Program Files (x86)\Veeam\Backup Transport\x86\vix"
                          
                         

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Vulnerability Scanner Detection Related to CVE-2023-38545

Vulnerability Scanner Detection Related to CVE-2023-38545

Purpose

Impact Statement

False Positive Alerts

Solution

More Information

Mitigation Explanation

Implementation of Mitigation

Linux Machines

Windows Machines

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

Ominde Commission Report and Recommendations – Ominde Report of 1964

Bureau of Internal Revenue: Regional Offices (Directory)

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

Mp3 Download: Mdu - Kunjenjenjena

How the kill the job , when DTP request running for long hours.

Microsoft Intune から展開しているアプリのアップデートについて

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

Car crash in Dunton Bassett leaves driver in critical condition

Macky 2, Two Others In Road Accident

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

Detroit mafia: D’Anna Brothers agree to plea deal

Delivery block field greyed out using VA02

Muloraki Au

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出ｗ【リベンジポルノ】＠PornHub

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

FIAT 500 B0111 B0112