Hello everyone, I would like to inform you about a recent discovery made by security researchers from RAPID7. They have found a new zero-day vulnerability in PostgreSQL, which could be used against the product in this case not Veeam but BeyondTrust Remote Support products.
The PostgreSQL team has already released a patch, you can download and install it.
The patch also includes an update for other bugs that have been reported over the past few months.
Veeam uses a PostgreSQL database so I thought it would be worth informing the community about finding and considering updating the database our backup tool uses, which is most often forgotten :)
For technical purposes, Veeam 12.3 supports versions of PostgreSQL like below (SOURCE):
- PostgreSQL 14.x
- PostgreSQL 15.x (PostgreSQL 15.10.1 is included in the Veeam Backup & Replication 12.3 setup)
DB UPDATE PROCEDURE:
Upgrading the SQL Database Engine Software (Microsoft SQL Server or PostgreSQL) Used by Veeam Backup & Replication
ARTICLE:
Securityweek - Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation
Bleepingcomputer: PostgreSQL flaw exploited as zero-day in BeyondTrust breach
PostgreSQL ARTICLES:
PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 Released!
