Solved

shell shock

Posted on 2014-09-25
5
245 Views
Last Modified: 2014-10-01
I am trying to find whether there is any patches for shell shock bug for vmware.
Based on this link below.

http://blogs.vmware.com/security/2014/09/vmware-investigating-bash-command-injection-vulnerability-aka-shell-shock-cve-2014-6271-cve-2014-7169.html

What the fixes for now?
0
Comment
Question by:sara2000
5 Comments
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 166 total points
ID: 40344596
1) if you read that page, it says "We are currently investigating the issue."

2) VMware is not linux and doesn't use bash.  Patches are slowing coming out for different linux distributions.
0
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 167 total points
ID: 40344635
This security issue was only reported yesterday 24th September 2014.

It will take VMware engineering a few days to process the information and test, if applicable to VMware vSphere products.

DON'T PANIC!

There are no fixes at present, unless you want to turn off your server!!!

Bookmark the page, and Keep a Watch on it for Changes!

Have you patched for the SSL Heartbleed ?

Do you have Linux or Unix VMs ?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 167 total points
ID: 40347275
vmware ESXi is linux, but it uses ash not bash, you can verify that over SSH.
all virtual appliances are normal linux, suse or centos, so vulnerable. for centos updates are free, probably you just get on system as root and "yum update bash", for SuSE it is subscription-based (read - cmware will provide update some day)
0
 

Author Closing Comment

by:sara2000
ID: 40356146
Still waiting for our esx4.0 and vmware vcentre appliances.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40356295
I doubt they call shell scripts via CGI (it is tomcat)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Create your first Windows Virtual Machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, the Windows OS we will install is Windows Server 2016.
When rebooting a vCenters 6.0 and try to connect using vSphere Client we get this issue "Invalid URL: The hostname could not parsed." When we get this error we need to do some changes in the vCenter advanced settings to fix the issue.
Teach the user how to rename, unmount, delete and upgrade VMFS datastores. Open vSphere Web Client: Rename VMFS and NFS datastores: Upgrade VMFS-3 volume to VMFS-5: Unmount VMFS datastore: Delete a VMFS datastore:
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question