Veeam, m\u00fc\u015fterilerini Yedekleme ve \u00c7o\u011faltma yaz\u0131l\u0131m\u0131n\u0131 etkileyen y\u00fcksek \u00f6nem d\u00fczeyine sahip bir Yedekleme Hizmeti g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 d\u00fczeltmeye \u00e7a\u011f\u0131rd\u0131.<\/p>\n
CVE-2023-27532 olarak izlenen kusur, Shanigen olarak bilinen bir g\u00fcvenlik ara\u015ft\u0131rmac\u0131s\u0131 taraf\u0131ndan \u015eubat ortas\u0131nda bildirildi ve t\u00fcm Veeam Backup & Replication (VBR) s\u00fcr\u00fcmlerini etkiliyor.<\/p>\n
Kimli\u011fi do\u011frulanmam\u0131\u015f sald\u0131rganlar, VeeamVBR yap\u0131land\u0131rma veritaban\u0131nda depolanan \u015fifrelenmi\u015f kimlik bilgilerini ald\u0131ktan sonra yedekleme altyap\u0131s\u0131 ana bilgisayarlar\u0131na eri\u015fmek i\u00e7in bundan yararlanabilir.<\/p>\n
Veeam’in tavsiye belgesine g\u00f6re , bu kusurun arkas\u0131ndaki temel neden, kimli\u011fi do\u011frulanmam\u0131\u015f kullan\u0131c\u0131lar\u0131n \u015fifrelenmi\u015f kimlik bilgileri talep etmesine izin veren Veeam.Backup.Service.exe’dir (varsay\u0131lan olarak TCP 9401’de \u00e7al\u0131\u015f\u0131r).<\/p>\n
\u015eirket, Sal\u0131 g\u00fcn\u00fc m\u00fc\u015fterilere g\u00f6nderdi\u011fi bir e-postada, “Bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 azaltmak i\u00e7in V11 ve V12 i\u00e7in yamalar geli\u015ftirdik ve kurulumlar\u0131n\u0131z\u0131 hemen g\u00fcncellemenizi \u00f6neririz” dedi.<\/p>\n
“Veeam ortam\u0131n\u0131z\u0131n \u015fu anki y\u00f6neticisi de\u011filseniz, l\u00fctfen bu e-postay\u0131 uygun ki\u015fiye iletin.”<\/p>\n
\u015eirket, VBR V11 ve V12 i\u00e7in bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 ele alan g\u00fcvenlik g\u00fcncellemeleri yay\u0131nlad\u0131 ve daha eski s\u00fcr\u00fcmleri kullanan m\u00fc\u015fterilere \u00f6nce desteklenen bu iki \u00fcr\u00fcnden birine g\u00fcncelleme yapmalar\u0131 \u00f6nerildi.<\/p>\n
Ge\u00e7ici \u00e7\u00f6z\u00fcm de mevcuttur Sald\u0131r\u0131 vekt\u00f6r\u00fcn\u00fc engellemek ve savunmas\u0131z sunucular\u0131 olas\u0131 istismar giri\u015fimlerine kar\u015f\u0131 g\u00fcvence alt\u0131na almak i\u00e7in, yedekleme sunucusu g\u00fcvenlik duvar\u0131n\u0131 kullanarak TCP 9401 ba\u011flant\u0131 noktas\u0131na harici ba\u011flant\u0131lar\u0131 da engelleyebilirsiniz.<\/p>\n Ancak ba\u011flama sunucular\u0131n\u0131n VBR sunucusuna olan ba\u011flant\u0131lar\u0131n\u0131 da etkileyece\u011finden, bu ge\u00e7ici \u00e7\u00f6z\u00fcm\u00fcn yaln\u0131zca da\u011f\u0131t\u0131lmam\u0131\u015f Veeam ortamlar\u0131nda kullan\u0131lmas\u0131 gerekti\u011fini unutmamak \u00f6nemlidir.<\/p>\n Veeam, “Bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ortaya \u00e7\u0131kt\u0131\u011f\u0131nda, sald\u0131rganlar g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 anlamak i\u00e7in yamalar\u0131 tersine m\u00fchendislik yapacak ve yaz\u0131l\u0131m\u0131n yama uygulanmam\u0131\u015f bir s\u00fcr\u00fcm\u00fcnden yararlanacak” uyar\u0131s\u0131nda bulundu.<\/p>\n “Bu, t\u00fcm sistemlerinizin da\u011f\u0131t\u0131lan t\u00fcm yaz\u0131l\u0131mlar\u0131n\u0131z\u0131n en son s\u00fcr\u00fcmlerini kullanmas\u0131n\u0131 ve yamalar\u0131n zaman\u0131nda y\u00fcklenmesini sa\u011flaman\u0131n \u00f6neminin alt\u0131n\u0131 \u00e7iziyor.”<\/p>\n Veeam , yedekleme, ola\u011fan\u00fcst\u00fc durum kurtarma ve veri koruma yaz\u0131l\u0131m\u0131n\u0131n, Fortune 500 \u015firketlerinin %82’si ve Global 2.000 \u015firketlerinin %72’si dahil olmak \u00fczere d\u00fcnya \u00e7ap\u0131nda 450.000’den fazla m\u00fc\u015fteri taraf\u0131ndan kullan\u0131ld\u0131\u011f\u0131n\u0131 s\u00f6yl\u00fcyor .<\/p>\n","protected":false},"excerpt":{"rendered":" Veeam, m\u00fc\u015fterilerini Yedekleme ve \u00c7o\u011faltma yaz\u0131l\u0131m\u0131n\u0131 etkileyen y\u00fcksek \u00f6nem d\u00fczeyine sahip bir Yedekleme Hizmeti g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 d\u00fczeltmeye \u00e7a\u011f\u0131rd\u0131. CVE-2023-27532 olarak izlenen kusur, Shanigen olarak bilinen bir g\u00fcvenlik ara\u015ft\u0131rmac\u0131s\u0131 taraf\u0131ndan \u015eubat ortas\u0131nda bildirildi ve t\u00fcm Veeam Backup & Replication (VBR) s\u00fcr\u00fcmlerini etkiliyor. Kimli\u011fi do\u011frulanmam\u0131\u015f sald\u0131rganlar, VeeamVBR yap\u0131land\u0131rma veritaban\u0131nda depolanan \u015fifrelenmi\u015f kimlik bilgilerini ald\u0131ktan sonra yedekleme altyap\u0131s\u0131 …<\/p>\n","protected":false},"author":1,"featured_media":2755,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[14],"tags":[],"class_list":["post-2754","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"acf":[],"_links":{"self":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/2754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/comments?post=2754"}],"version-history":[{"count":0,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/2754\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media\/2755"}],"wp:attachment":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media?parent=2754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/categories?post=2754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/tags?post=2754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nVeeam ayr\u0131ca bu haftaki CVE-2023-27532<\/strong> yamalar\u0131n\u0131 hemen kuramayan m\u00fc\u015fteriler i\u00e7in ge\u00e7ici bir d\u00fczeltme sa\u011fl\u0131yor.<\/p>\n