VMware Support Community
JDB1
Contributor
Contributor
‎01-21-2022 01:27 AM
Jump to solution

VMware Skyline Health Diagnostics - end of life

The version of nginx running on our VMware Skyline Health Diagnostics appliance is being flagged as out-of-date and therefore may be vulnerable to remote code execution, denial-of-service attacks, or other vulnerabilities. There are no updates available for the product. Could someone please advise how to address this?

 

Thanks

0 Kudos
1 Solution

Accepted Solutions
anshumansingh
VMware Employee
VMware Employee
‎09-20-2022 09:59 PM
Jump to solution

Hi @baszek 

 

The new version of SHD 3.5.0 is available for download here Download VMware Skyline Health Diagnostics.

View solution in original post

0 Kudos
7 Replies
araikwar
VMware Employee
VMware Employee
‎03-14-2022 05:03 AM
Jump to solution

SHD patch release 3.0.1 has latest nginx version, it will be available in a week.

CatherineLuke
Contributor
Contributor
‎05-12-2022 11:23 PM
Jump to solution

I think it’s a decent tool, particularly if you have a problem and you need a log bundle analysed. The VCG analysis doesn’t seem to be covering the entire VCG though - my Supermicro E300-8CB8TP boxes are on the VCG (albeit I’ve yet to upgrade the NIC firmware, so those components are on the VCG). If I manually check the VCG then I confirm that they’re present, but neither this nor the HCL feature as a part of vLCM show these.

It should definitely be a virtual appliance, though.

0 Kudos
baszek
Enthusiast
Enthusiast
‎09-12-2022 02:41 PM
Jump to solution

nope - it does not have latest nginx till now. 

nginx version: nginx/1.16.1 === still not patched !!!!!!!!!!!!!!!!!!!!!!!!!
We are talking about NGINX CVE-2021-23017 - Risk: High - CVSSv3.1 Base Score 8.1
Public exploit code available for vulnerability #1 is available.

Just delete that SHD tool from your IT environments - it'll mitigate it for sure, because VMware can't fix it for more than a half year.

0 Kudos
araikwar
VMware Employee
VMware Employee
‎09-14-2022 12:54 AM
Jump to solution

The issue CVE-2021-23017 is fixed in nginx-1.16.1-4.ph3.x86_64.rpm, just check if you have below RPMs or latest

 

curl-7.75.0-2.ph3.x86_64.rpm , sha256 : e097a6881ab1c1707dcfa5eb466e5e963dfc6b7361f35f212f66ed350787a4f1 , size : 147K , build_date : Wed, 26 May 2021 08:54:09 PDT    
curl-devel-7.75.0-2.ph3.x86_64.rpm , sha256 : 82c666900fd9c3fd0340b3d7253f51c59c72b1007e8f087b22ad6bad4d5d3088 , size : 761K , build_date : Wed, 26 May 2021 08:54:09 PDT    
curl-libs-7.75.0-2.ph3.x86_64.rpm , sha256 : ce0bbff48c2f7e5e49f1f7b1f26cff6d041ad3288a34799f45a96938e3badb24 , size : 292K , build_date : Wed, 26 May 2021 08:54:09 PDT    
linux-4.19.190-2.ph3.x86_64.rpm , sha256 : 9cd6899a15ad90cce4e0794c2a30fc89ec6f2ec12842cca937cfbbf5cc682c8d , size : 22M , build_date : Wed, 26 May 2021 10:15:10 PDT    
linux-devel-4.19.190-2.ph3.x86_64.rpm , sha256 : 75a55013afe28bd81316b8b3050615239269a6ab6ae126b60afaef05399691d3 , size : 13M , build_date : Wed, 26 May 2021 09:20:40 PDT    
linux-docs-4.19.190-2.ph3.x86_64.rpm , sha256 : b9e39ec4cc36f06943b28a6337e311e6a8c0dba7edc707b6eb0c73bb7cb80972 , size : 8.3M , build_date : Wed, 26 May 2021 09:20:40 PDT    
linux-drivers-gpu-4.19.190-2.ph3.x86_64.rpm , sha256 : 029c0a9c2fe36d268b0c584b946e001378cca89d1a0edaeae8a64daca3389f28 , size : 1.5M , build_date : Wed, 26 May 2021 09:20:40 PDT    
linux-drivers-intel-sgx-4.19.190-2.ph3.x86_64.rpm , sha256 : aa6f8cbf98a6071b0871f0bb8a4f1889b457ccfb6518bf3da06d45a0f5e5593b , size : 50K , build_date : Wed, 26 May 2021 09:20:40 PDT    
linux-drivers-sound-4.19.190-2.ph3.x86_64.rpm , sha256 : 20daec69e8b1380fce554e27bf62094a6f240d92139c45448ffebec2b1d5601d , size : 543K , build_date : Wed, 26 May 2021 09:20:40 PDT    
linux-hmacgen-4.19.190-2.ph3.x86_64.rpm , sha256 : 09f7dfac122b2c60e66f9fd310f2915df7fc5e86cf8a085642f73668c5db38ec , size : 41K , build_date : Wed, 26 May 2021 09:20:40 PDT    
linux-oprofile-4.19.190-2.ph3.x86_64.rpm , sha256 : e0330a23f93e4a9dcff19622d69a11cd2e9ad4e62d6c215248c253505594f5a0 , size : 56K , build_date : Wed, 26 May 2021 09:20:40 PDT    
linux-python3-perf-4.19.190-2.ph3.x86_64.rpm , sha256 : 5545fccb0a9ff39706c524c303b31361661bf6a958a27c0eefb3405ad6b2ff91 , size : 162K , build_date : Wed, 26 May 2021 09:20:40 PDT    
linux-rt-4.19.190-2.ph3.x86_64.rpm , sha256 : 02ed47633f7d7a11484896f1545221a1bc41a94247c49d86195d44d5fe83f4b2 , size : 22M , build_date : Wed, 26 May 2021 10:15:10 PDT    
linux-rt-devel-4.19.190-2.ph3.x86_64.rpm , sha256 : 841fed6d7207d55ddc771f45f70b82d7f689ec572e42acb9a7856d89fbd0b3ad , size : 13M , build_date : Wed, 26 May 2021 09:16:52 PDT    
linux-rt-docs-4.19.190-2.ph3.x86_64.rpm , sha256 : 6253fa41249124a944b4ab1b5386b4ad68cebcd469cb4cc745bbb7085885cd4a , size : 8.2M , build_date : Wed, 26 May 2021 09:16:52 PDT    
linux-tools-4.19.190-2.ph3.x86_64.rpm , sha256 : 003931ddf7194048888afc6c6f93af1cfce7fefd9f77cb2f15927462a24fd529 , size : 9.8M , build_date : Wed, 26 May 2021 09:20:40 PDT    
nginx-1.16.1-4.ph3.x86_64.rpm , sha256 : 55ca4f39a360227411b76ff088f64ca6c12b8861e5e40513417c78a4b7c105fa , size : 617K , build_date : Wed, 26 May 2021 08:53:00 PDT

I referred https://raw.githubusercontent.com/wiki/vmware/photon/Security-Updates-3.0-243.md

0 Kudos
araikwar
VMware Employee
VMware Employee
‎09-14-2022 02:14 AM
Jump to solution

One important update came from SHD development team, and accordingly to them CVE-2021-23017  does not impact Skyline Health Diagnostics, as it doesn't use the resolver feature of NGINX. 

0 Kudos
anshumansingh
VMware Employee
VMware Employee
‎09-20-2022 09:59 PM
Jump to solution

Hi @baszek 

 

The new version of SHD 3.5.0 is available for download here Download VMware Skyline Health Diagnostics.

0 Kudos
degvm
Enthusiast
Enthusiast
‎04-18-2023 05:34 AM
Jump to solution

Version 3.5.2 is released some weeks ago : https://customerconnect.vmware.com/downloads/get-download?downloadGroup=SKYLINE_HD_VSPHERE