#1 Global Leader in Data Resilience

Zip Slip Vulnerability

KB ID: 2662
Product: Veeam Backup & Replication
Version: 8.x, 9.x
Published: 2018-06-06
Last Modified: 2020-08-13
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

Challenge

Veeam is aware of the Zip Slip Vulnerability, which affects jobs with the guest file system indexing option enabled.

Zip Slip is an arbitrary file overwrite vulnerability in multiple ZIP decompression algorithm implementations that affects thousands of software products across many ecosystems. The vulnerability is exploited using a specially crafted zip archive that holds path traversal filenames. A path traversal filename is a malicious filename that when chained to the target extraction directory, results in the final path existing outside of the target folder . For instance, if a zip archive were to contain a file called "../../file.exe", it would break out of the target folder when extracted.

We highly recommend patching this vulnerability as soon as possible, as vulnerable code samples are actively being hand crafted and shared in developer communities for all major platforms.

Cause

Zip library (DotNetZip) CVE-2018-1002205

Solution

A hotfix for Zip Slip and another similar vulnerability in guest file system indexing functionality is available for the following versions of Veeam Backup & Replication:

NB! The hotfix is already included in 9.5 update 3a!

The hotfix contains the following files: Ionic.Zip.dll and Veeam.Backup.Common.dll

Steps to apply the hotfix:

This hotfix is to be applied to the Veeam Backup Server.

1) Stop all Veeam jobs.
2) Stop all Veeam services (PowerShell: gsv Veeam* | spsv)
3) On the Veeam server, browse to C:\Program Files\Veeam\Backup and Replication\Backup Catalog

Find Ionic.Zip.dll and rename to Ionic.Zip.dll_Original
Find Veeam.Backup.Common.dll and rename to Veeam.Backup.Common.dll_Original

Copy the Ionic.Zip.dll and Veeam.Backup Common.dll from the hotfix bundle and copy to C:\Program Files\Veeam\Backup and Replication\Backup Catalog

4) On the Veeam server, browse to C:\Program Files\Veeam\Backup and Replication\Enterprise Manager

Find Ionic.Zip.dll and rename to Ionic.Zip.dll_Original
Find Veeam.Backup.Common.dll and rename to Veeam.Backup.Common.dll_Original

Copy the Ionic.Zip.dll and Veeam.Backup Common.dll from the hotfix bundle and copy to C:\Program Files\Veeam\Backup and Replication\Enterprise Manager


5) Be sure that you have renamed and replaced the dll files found in the following two folders with the dlls found in the hotfix:
C:\Program Files\Veeam\Backup and Replication\Backup Catalog
C:\Program Files\Veeam\Backup and Replication\Enterprise Manager

6) Start all Veeam services (PowerShell: gsv Veeam* | sasv)

 

    More Information

    Note: The only known angle of attack for leveraging these vulnerabilities against Veeam Backup & Replication involves Window and Linux guest file system indexing functionality. As such, you don’t have to install this hotfix unless you have guest file system indexing enabled in any of your Veeam backup jobs.

    To submit feedback regarding this article, please click this link: Send Article Feedback
    To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

    Spelling error in text

    This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
    Thank you!

    Thank you!

    Your feedback has been received and will be reviewed.

    Oops! Something went wrong.

    Please, try again later.

    You have selected too large block!

    Please try select less.

    KB Feedback/Suggestion

    This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

    By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
    This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
    Verify your email to continue your product download
    We've sent a verification code to:
    • Incorrect verification code. Please try again.
    An email with a verification code was just sent to
    Didn't receive the code? Click to resend in sec
    Didn't receive the code? Click to resend
    Thank you!

    Thank you!

    Your feedback has been received and will be reviewed.

    error icon

    Oops! Something went wrong.

    Please, try again later.