Skyline

 View Only
Expand all | Collapse all

Critical Vulnerability on SHD

  • 1.  Critical Vulnerability on SHD

    Posted Feb 05, 2022 09:57 AM
      |   view attached

    I have VMware Skyline Health Diagnostics in my vCenter and we ran a nessus scan on it.  It came back with this Vulnerability "nginx 0.6x<1.20.1 1-Byte Memory Overwrite RCE Vulnerability"  How do I fix it?  the 2 link in Nessus did not help

    Description

    According to its Server response header, the installed version of nginx is 0.6.18 prior to 1.20.1. It is, therefore, affected by a remote code execution vulnerability. A security issue in nginx resolver was identified, which might allow an unauthenticated remote attacker to cause 1-byte memory overwrite by using a specially crafted DNS response, resulting in worker process crash or, potentially, in arbitrary code execution.

    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
     
    Solution
    Upgrade to nginx 1.20.1 or later.


  • 2.  RE: Critical Vulnerability on SHD

    Broadcom Employee
    Posted Feb 07, 2022 03:34 PM

    NGINX version will be updated in upcoming SHD patch release, mean while nginx can be updated using below command:

    tdnf update nginx

    This command will download and install latest nginx version as per date.

    Thanks

    Ashish



  • 3.  RE: Critical Vulnerability on SHD

    Posted Feb 07, 2022 04:08 PM

    Hi Ashish,

    can I upgrade SHD my version 2.0.5 to 3.0.0 with a .OVA?  if so how?

    thanks,

    Lance



  • 4.  RE: Critical Vulnerability on SHD

    Broadcom Employee
    Posted Feb 08, 2022 03:27 PM

    You can not upgrade SHD from 2.0.5 to 3.0.0 via OVA, but you can deploy new SHD 3.0.0 instance and can have you SHD 2.0.5 data migrated into it. For this just follow the instructions during OVA deployment and mention your old SHD instance details when asked for.

    Please keep new SHD credentials same as old SHD credentials so that data migration will not be failed. You can change credentials later if needed.



  • 5.  RE: Critical Vulnerability on SHD

    Broadcom Employee
    Posted Feb 08, 2022 03:37 PM

    You can follow steps mentioned in section "Migrating the Existing Skyline Health Diagnostics Deployment to Version 3.0 and above" in SHD release docs. Below is link to the same

    https://docs.vmware.com/en/VMware-Skyline-Health-Diagnostics/services/Skyline-Health-Diagnostics/GUID-70CFBC8C-DF61-4623-8C1E-2C0E8428A210.html



  • 6.  RE: Critical Vulnerability on SHD

    Posted Feb 08, 2022 09:08 PM
      |   view attached

    I just created a new SHD 3.0.0 version but it has more vulnerabilities then the older versions.  Please look at the attachment.  is there anyway to fix these vulnerabilities?



  • 7.  RE: Critical Vulnerability on SHD
    Best Answer

    Broadcom Employee
    Posted Feb 09, 2022 04:47 AM

    Our Next Patch release will address the security issues, mean while you would suggest to run 'tdnf update -y' command in case SHD VM has internet access. This command will update all the OS packages to latest.



  • 8.  RE: Critical Vulnerability on SHD

    Posted Apr 05, 2022 09:04 AM

     "Our Next Patch release will address the security issues"

    Today we have 05.04.2022 - I have just deployed new SHD and updated it to newest version 3.0.2 

    nginx -v
    nginx version: nginx/1.16.1

     

    SHD 3.0.2 Release Notes --> 

    • NGINX server has been updated to nginx-1.16.1-5.ph3. 

     

    It is still vulnerable So new Patch Release changed nothing. 
    You have to use fixed nginx version 1.17.7

     

    We are talking about NGINX CVE-2021-23017 - Risk: High - CVSSv3.1 Base Score 8.1
    Public exploit code for vulnerability #1 is available.



  • 9.  RE: Critical Vulnerability on SHD

    Posted Apr 22, 2022 08:14 AM

    tdnf update -y is not a solution also. It doesn't update nginx ... 
    So after SHD Upgrade to the latest version and running "tdnf update -y" we are still on nginx version: nginx/1.16.1
    This is crazy that VMware is releasing products with known exploited vulnerabilities. 



  • 10.  RE: Critical Vulnerability on SHD

    Broadcom Employee
    Posted Apr 24, 2022 06:27 AM

    Thanks baszek, I have opened a internal issue for fixing nginx issue, will update you when get it fixed.



  • 11.  RE: Critical Vulnerability on SHD

    Posted Jun 13, 2022 10:56 AM

     any updates ? 



  • 12.  RE: Critical Vulnerability on SHD

    Posted Sep 02, 2022 08:03 AM

     I don't know what kind of drugs are you taking in VMware California - it's more than one year and still problem is not solved:
    New in 3.0.3, June 2022 Release --> nginx version: nginx/1.16.1 === still not patched !!!!!!!!!!!!!!!!!!!!!!!!!



  • 13.  RE: Critical Vulnerability on SHD

    Posted May 16, 2022 10:04 PM

    Thanks for this info