Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

shell shock

Posted on 2014-09-25
5
Medium Priority
?
261 Views
Last Modified: 2014-10-01
I am trying to find whether there is any patches for shell shock bug for vmware.
Based on this link below.

http://blogs.vmware.com/security/2014/09/vmware-investigating-bash-command-injection-vulnerability-aka-shell-shock-cve-2014-6271-cve-2014-7169.html

What the fixes for now?
0
Comment
Question by:sara2000
5 Comments
 
LVL 36

Assisted Solution

by:Seth Simmons
Seth Simmons earned 498 total points
ID: 40344596
1) if you read that page, it says "We are currently investigating the issue."

2) VMware is not linux and doesn't use bash.  Patches are slowing coming out for different linux distributions.
0
 
LVL 125

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 501 total points
ID: 40344635
This security issue was only reported yesterday 24th September 2014.

It will take VMware engineering a few days to process the information and test, if applicable to VMware vSphere products.

DON'T PANIC!

There are no fixes at present, unless you want to turn off your server!!!

Bookmark the page, and Keep a Watch on it for Changes!

Have you patched for the SSL Heartbleed ?

Do you have Linux or Unix VMs ?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 501 total points
ID: 40347275
vmware ESXi is linux, but it uses ash not bash, you can verify that over SSH.
all virtual appliances are normal linux, suse or centos, so vulnerable. for centos updates are free, probably you just get on system as root and "yum update bash", for SuSE it is subscription-based (read - cmware will provide update some day)
0
 

Author Closing Comment

by:sara2000
ID: 40356146
Still waiting for our esx4.0 and vmware vcentre appliances.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40356295
I doubt they call shell scripts via CGI (it is tomcat)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
August and September have been big months for VMware—from VMworld last month to our new Course of the Month in VMware Professional - Data Center Virtualization. We reached out to Andrew Hancock, resident VMware vExpert, to have a more in-depth discu…
Teach the user how to convert virtaul disk file formats and how to rename virtual machine files on datastores. Open vSphere Web Client: Review VM disk settings: Migrate VM to new datastore with a thick provisioned (lazy zeroed) disk format: Rename a…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question