Solved

shell shock

Posted on 2014-09-25
5
240 Views
Last Modified: 2014-10-01
I am trying to find whether there is any patches for shell shock bug for vmware.
Based on this link below.

http://blogs.vmware.com/security/2014/09/vmware-investigating-bash-command-injection-vulnerability-aka-shell-shock-cve-2014-6271-cve-2014-7169.html

What the fixes for now?
0
Comment
Question by:sara2000
5 Comments
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 166 total points
ID: 40344596
1) if you read that page, it says "We are currently investigating the issue."

2) VMware is not linux and doesn't use bash.  Patches are slowing coming out for different linux distributions.
0
 
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 167 total points
ID: 40344635
This security issue was only reported yesterday 24th September 2014.

It will take VMware engineering a few days to process the information and test, if applicable to VMware vSphere products.

DON'T PANIC!

There are no fixes at present, unless you want to turn off your server!!!

Bookmark the page, and Keep a Watch on it for Changes!

Have you patched for the SSL Heartbleed ?

Do you have Linux or Unix VMs ?
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 167 total points
ID: 40347275
vmware ESXi is linux, but it uses ash not bash, you can verify that over SSH.
all virtual appliances are normal linux, suse or centos, so vulnerable. for centos updates are free, probably you just get on system as root and "yum update bash", for SuSE it is subscription-based (read - cmware will provide update some day)
0
 

Author Closing Comment

by:sara2000
ID: 40356146
Still waiting for our esx4.0 and vmware vcentre appliances.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40356295
I doubt they call shell scripts via CGI (it is tomcat)
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO: Install and Configure VMware vSphere Hypervisor 6.5 (ESXi 6.5), Step by Step Tutorial with screenshots. From Download, Checking Media, to Completed Installation.
HOW TO: Connect to the VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere (HTML5 Web) Host Client 6.5, and perform a simple configuration task of adding a new VMFS 6 datastore.
Teach the user how to convert virtaul disk file formats and how to rename virtual machine files on datastores. Open vSphere Web Client: Review VM disk settings: Migrate VM to new datastore with a thick provisioned (lazy zeroed) disk format: Rename a…
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now