VMware Support Community
lancestorm3
Contributor
Contributor
Jump to solution

Critical Vulnerability on SHD

I have VMware Skyline Health Diagnostics in my vCenter and we ran a nessus scan on it.  It came back with this Vulnerability "nginx 0.6x<1.20.1 1-Byte Memory Overwrite RCE Vulnerability"  How do I fix it?  the 2 link in Nessus did not help

Description

According to its Server response header, the installed version of nginx is 0.6.18 prior to 1.20.1. It is, therefore, affected by a remote code execution vulnerability. A security issue in nginx resolver was identified, which might allow an unauthenticated remote attacker to cause 1-byte memory overwrite by using a specially crafted DNS response, resulting in worker process crash or, potentially, in arbitrary code execution.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
 
Solution
Upgrade to nginx 1.20.1 or later.
Reply
0 Kudos
1 Solution

Accepted Solutions
araikwar
VMware Employee
VMware Employee
Jump to solution

Our Next Patch release will address the security issues, mean while you would suggest to run 'tdnf update -y' command in case SHD VM has internet access. This command will update all the OS packages to latest.

View solution in original post

Reply
0 Kudos
12 Replies
araikwar
VMware Employee
VMware Employee
Jump to solution

NGINX version will be updated in upcoming SHD patch release, mean while nginx can be updated using below command:

tdnf update nginx

This command will download and install latest nginx version as per date.

Thanks

Ashish

Reply
0 Kudos
lancestorm3
Contributor
Contributor
Jump to solution

Hi Ashish,

can I upgrade SHD my version 2.0.5 to 3.0.0 with a .OVA?  if so how?

thanks,

Lance

Reply
0 Kudos
araikwar
VMware Employee
VMware Employee
Jump to solution

You can not upgrade SHD from 2.0.5 to 3.0.0 via OVA, but you can deploy new SHD 3.0.0 instance and can have you SHD 2.0.5 data migrated into it. For this just follow the instructions during OVA deployment and mention your old SHD instance details when asked for.

Please keep new SHD credentials same as old SHD credentials so that data migration will not be failed. You can change credentials later if needed.

Reply
0 Kudos
araikwar
VMware Employee
VMware Employee
Jump to solution

You can follow steps mentioned in section "Migrating the Existing Skyline Health Diagnostics Deployment to Version 3.0 and above" in SHD release docs. Below is link to the same

https://docs.vmware.com/en/VMware-Skyline-Health-Diagnostics/services/Skyline-Health-Diagnostics/GUI...

Reply
0 Kudos
lancestorm3
Contributor
Contributor
Jump to solution

I just created a new SHD 3.0.0 version but it has more vulnerabilities then the older versions.  Please look at the attachment.  is there anyway to fix these vulnerabilities?

Reply
0 Kudos
araikwar
VMware Employee
VMware Employee
Jump to solution

Our Next Patch release will address the security issues, mean while you would suggest to run 'tdnf update -y' command in case SHD VM has internet access. This command will update all the OS packages to latest.

Reply
0 Kudos
baszek
Enthusiast
Enthusiast
Jump to solution

@araikwar "Our Next Patch release will address the security issues"

Today we have 05.04.2022 - I have just deployed new SHD and updated it to newest version 3.0.2 

nginx -v
nginx version: nginx/1.16.1

 

SHD 3.0.2 Release Notes --> 

  • NGINX server has been updated to nginx-1.16.1-5.ph3. 

 

It is still vulnerable 😉 So new Patch Release changed nothing. 
You have to use fixed nginx version 1.17.7

 

We are talking about NGINX CVE-2021-23017 - Risk: High - CVSSv3.1 Base Score 8.1
Public exploit code for vulnerability #1 is available.

Reply
0 Kudos
baszek
Enthusiast
Enthusiast
Jump to solution

tdnf update -y is not a solution also. It doesn't update nginx ... 
So after SHD Upgrade to the latest version and running "tdnf update -y" we are still on nginx version: nginx/1.16.1
This is crazy that VMware is releasing products with known exploited vulnerabilities. 

Reply
0 Kudos
araikwar
VMware Employee
VMware Employee
Jump to solution

Thanks baszek, I have opened a internal issue for fixing nginx issue, will update you when get it fixed.

Reply
0 Kudos
BigMike23
Enthusiast
Enthusiast
Jump to solution

Thanks for this info

Reply
0 Kudos
baszek
Enthusiast
Enthusiast
Jump to solution

@araikwar any updates ? 

Reply
0 Kudos
baszek
Enthusiast
Enthusiast
Jump to solution

@araikwar I don't know what kind of drugs are you taking in VMware California - it's more than one year and still problem is not solved:
New in 3.0.3, June 2022 Release --> nginx version: nginx/1.16.1 === still not patched !!!!!!!!!!!!!!!!!!!!!!!!!

Reply
0 Kudos