Solved

shell shock

Posted on 2014-09-25
5
251 Views
Last Modified: 2014-10-01
I am trying to find whether there is any patches for shell shock bug for vmware.
Based on this link below.

http://blogs.vmware.com/security/2014/09/vmware-investigating-bash-command-injection-vulnerability-aka-shell-shock-cve-2014-6271-cve-2014-7169.html

What the fixes for now?
0
Comment
Question by:sara2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 166 total points
ID: 40344596
1) if you read that page, it says "We are currently investigating the issue."

2) VMware is not linux and doesn't use bash.  Patches are slowing coming out for different linux distributions.
0
 
LVL 121

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 167 total points
ID: 40344635
This security issue was only reported yesterday 24th September 2014.

It will take VMware engineering a few days to process the information and test, if applicable to VMware vSphere products.

DON'T PANIC!

There are no fixes at present, unless you want to turn off your server!!!

Bookmark the page, and Keep a Watch on it for Changes!

Have you patched for the SSL Heartbleed ?

Do you have Linux or Unix VMs ?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 167 total points
ID: 40347275
vmware ESXi is linux, but it uses ash not bash, you can verify that over SSH.
all virtual appliances are normal linux, suse or centos, so vulnerable. for centos updates are free, probably you just get on system as root and "yum update bash", for SuSE it is subscription-based (read - cmware will provide update some day)
0
 

Author Closing Comment

by:sara2000
ID: 40356146
Still waiting for our esx4.0 and vmware vcentre appliances.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40356295
I doubt they call shell scripts via CGI (it is tomcat)
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When rebooting a vCenters 6.0 and try to connect using vSphere Client we get this issue "Invalid URL: The hostname could not parsed." When we get this error we need to do some changes in the vCenter advanced settings to fix the issue.
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
Teach the user how to configure vSphere clusters to support the VMware FT feature Open vSphere Web Client: Verify vSphere HA is enabled: Verify netowrking for vMotion and FT Logging is in place or create it: Turn On FT for a virtual machine: Verify …
Advanced tutorial on how to run the esxtop command to capture a batch file in csv format in order to export the file and use it for performance analysis. He demonstrates how to download the file using a vSphere web client (or vSphere client) and exp…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question