CVE-2017-6404 Veritas CVE debrief

Who should care

Veritas NetBackup and NetBackup Appliance administrators, security teams responsible for server hardening, and anyone relying on these logs for auditing, incident response, or compliance.

Technical summary

NVD lists the vulnerability as affecting Veritas NetBackup up to 7.6.1.2 and NetBackup Appliance up to 2.6.1.2. The weakness is that log files were world-writable, so a local attacker with limited privileges could modify or destroy log content, undermining auditability and trust in records. The NVD CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) indicates a local, low-privilege integrity impact without confidentiality or availability impact.

Defensive priority

Medium. This is not a remote code execution issue, but it can undermine incident response and audit evidence. Prioritize if these systems are used for compliance logging or security monitoring.

Recommended defensive actions

• Upgrade affected Veritas NetBackup and NetBackup Appliance installations to vendor-fixed versions.
• Review permissions on NetBackup log files and directories to ensure they are not world-writable.
• Restrict local shell and service access to trusted administrators only.
• Monitor for unexpected log truncation, deletion, or tampering indicators.
• Validate log integrity where possible by using centralized or append-only logging controls.

Evidence notes

The corpus identifies the issue as a world-writable log file problem in Veritas NetBackup / NetBackup Appliance, cites CWE-276, and provides the NVD CVSS 3.0 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. The NVD CPE criteria in the supplied source mark NetBackup through 7.6.1.2 and NetBackup Appliance through 2.6.1.2 as vulnerable. The vendor advisory reference is VTS17-003 Issue9.

Official resources