-
Title
Are Foglight Evolve/Foglight for Virtualization Ent Edition (FVE) virtual appliances (vAPP) affected by CVE-2021-4034 PolKit vulnerability -
Description
Are Foglight Evolve/Foglight for Virtualization Ent Edition (FVE) virtual appliances (vAPP) affected by CVE-2021-4034 PolKit vulnerability -
Cause
Pkexec is available in Linux distros and allows authorized users to execute programs as another user.CVE-2021-4034 is a local privilege escalation vulnerability was found on polkit's pkexec utility.More information about this vulnerability can be found here: https://nvd.nist.gov/vuln/detail/CVE-2021-4034 -
Resolution
Foglight products are not affected CVE-2021-4034 because it does not use the polkit utility. This is an OS level vulnerability.
However, Foglight Evolve and FVE virtual appliances (vAPP) come with pre-configured VMs.Small and Large vAAPs include one VM running Foglight and second VM running PostgreSQL Database repository, on openSUSE Leap 15.2 operating system. X-large vAPP includes one additional VM running Foglight Agent Manager(FglAM) on the same operating system Since polkit is available in openSUSE Leap 15.2 distribution,below mentioned versions of vApp (all-sizes) require the patch that is designed to address the vulnerability.
Please note that CVE-2021-4034 is reserved for Linux distros that are not used by any Foglight vApp version. Information about the vulnerability specifically for openSUSE Leap version 15.2 can be found here: https://www.suse.com/security/cve/CVE-2021-3560.html
1- Foglight Evolve versions- 9.3- 9.2- 9.1- 9.02- Foglight for Virtualization Ent Edition (FVE)versions- 8.9.3- 8.9.2Polkit patch information for openSUSE Leap 15.2 :Patch Name: openSUSE-2021-838Version: 0.116Release: lp152.2.3.1
Zypper is one of the package managers. Please feel free to use the menu-driven tool - YaST if you wish.More information about Zypper can be found here: https://en.opensuse.org/images/3/30/Zypper-cheat-sheet-2.pdfThis process requires root access. Therefore, please review Change the Network Settings section in Foglight Evolve/FVE Virtual Appliance Installation Guide for password information.
Steps to install the patch on FMS, Database & Agent Manager (applicable only for X-large vAPP) VMs:1- Login as root user2- Verify existing polkit version running; type: rpm -qi polkit2- Start polkit package update; type: zypper up libpolkit03- Follow the prompts4- System reboot required.Alternatively, you can upgrade to Foglight Evolve 6.0.0 vApp since it is already running the required patch and hence not affected by this vulnerability OR install all available updates for your existing vApp version. If you are currently using FVE vAPP then please contact your Account Manager to get information about FVE to Evolve Swap Program.Additional Information:
Here is the list of polkit Patch Name, Version and Release of Open Suse Leap 15.3, 15.1 and 15.0 for information purposes.
Open Suse Leap 15.3Patch Name: openSUSE-SLE-15.3-2022-190Version: 0.116Release: 3.6.1Open Suse Leap 15.1Patch Name: openSUSE-2019-1914Version: 0.114Release: lp151.5.3.1Open Suse Leap 15.0Patch Name: openSUSE-2019-1914Version: 0.114Release: lp150.2.10.1