Security Advisory of Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278, aka "Shellshock"

We are working with our vendors to quickly patch the Shellshock bug to our infrastruture and our customer's who may be exposed to this vunerbility.
Further information:?https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

For those on that are using ESXi/ESX Hypervisor and products, please follow this KB from VMWare:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740

Short verion:
vSphere ESXi/ESX Hypervisor
ESXi 4.0, 4.1, 5.0, 5.1, and 5.5 are not affected because these versions use the Ash shell (through busybox), which is not affected by the vulnerability reported for the Bash shell.

ESX 4.0 and 4.1 have a vulnerable version of the Bash shell. ?Although these versions have passed their EOL product cycle, VMware will provide a patch.

For those on that are using Citrix Xenserver Hypervisor and products, please follow this article from Citrix:
http://support.citrix.com/article/CTX200217

Tuesday, September 30, 2014

« Back

Security Advisory of Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278, aka "Shellshock"

By Month

By Month

Support

Security Advisory of Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278, aka "Shellshock"

By Month

By Month

Support

Generate Password