JasonBlake
Contributor

VMware Essentials running vCenter 5.0.0 804277, HP custom ESXi hosts 5.0.0 623860: BASH exploit.

Hi Guys..

We are running vCenter Server v5.0 with HP custom VMware 5.0.0 623860 hosts. Although they are on the LAN, are they affected at all by the BASH security risk that has been recently announced?

I know it mainly affects internet-facing Unix servers and Mac OS X.

Thanks for any responses

Jason

Accepted Solutions
vThinkBeyondVM
VMware Employee

Hi Jason,

Here is what the VMware KB on this issue says:

Purpose

On Sept 24, 2014, a critical vulnerability in bash (CVE-2014-6271, CVE-2014-7169) was published that may allow for remote code execution.

The VMware Security Engineering, Communications, and Response group (vSECR) has been actively investigating the impact this vulnerability may have on our products. Our ongoing assessment is documented in the next section.

Resolution

Products

vSphere ESXi Hypervisor

ESXi is not affected as it uses the ash shell (through busybox), which is not affected by the vulnerability reported for the bash shell.

Products that run on Windows

Windows-based products are not affected including vCenter Server running on Windows.

Products that run on Linux or Mac OS (excluding Virtual Appliances)

Products that run on Linux or Mac OS (excluding Virtual Appliances) may use the bash shell that is part of the operating system. In case the operating system has a vulnerable version of bash, the bash security vulnerability may be exploited through the product. VMware recommends that customers contact their operating system vendor for a patch.

Products that are shipped as a Virtual Appliance

Products that are shipped as a Virtual Appliance running on a Linux OS that has a vulnerable version of bash may be affected. A Virtual Appliance is considered affected if it is possible to input malicious environment variables remotely and execute the added code in the Virtual Appliance. We will update this article with the findings of our investigation into Virtual Appliances.

Services

  • AirWatch MDM – Investigation ongoing
  • Horizon DaaS – Not affected
  • IT Business Management – Investigation ongoing
  • Socialcast – Investigation ongoing
  • vCloud Air – Investigation ongoing

Refer: VMware KB: VMware assessment of bash Code Injection Vulnerability via Specially Crafted Environment ...


----------------------------------------------------------------
Thanks & Regards
Vikas, VCP70, MCTS on AD, SCJP6.0, VCF, vSphere with Tanzu specialist.
https://vThinkBeyondVM.com/about
-----------------------------------------------------------------
Disclaimer: Any views or opinions expressed here are strictly my own. I am solely responsible for all content published here. Content published here is not read, reviewed or approved in advance by VMware and does not necessarily represent or reflect the views or opinions of VMware.


4 Replies
JasonBlake
Contributor

thanks mate..

🙂

JasonBlake
Contributor

With the VA part, I'm guessing the APC PowerChute PCNS 3.1 vMA that sits on top of a Linux VM will be affected?

vThinkBeyondVM
VMware Employee

As per KB 2090740: Products that are shipped as a Virtual Appliance running on a Linux OS that has a vulnerable version of bash may be affected. A Virtual Appliance is considered affected if it is possible to input malicious environment variables remotely and execute the added code in the Virtual Appliance.

vMA may be affected as it is a virtual appliance running on a Linux OS.

However, it is expected that KB 2090740 will be updated as and when there are any new findings/assessments.



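The KB's reasoning (ESXi is out of scope because its /bin/sh is busybox ash, a Linux virtual appliance such as vMA is in scope only if its bash still imports trailing code from environment variables) and the vMA follow-up above both reduce to the same local check. The script below is an added example, not code from the KB, VMware or the thread: a POSIX sh audit helper that reports which binary provides /bin/sh, probes a given shell for the CVE-2014-6271 environment-import defect without touching anything on disk, and states the result in the KB's own terms. The function names and the SHOCK_PROBE marker are my own; the probe covers only the original environment-import bug, so a bash that passes it may still need the follow-up fix for CVE-2014-7169 and the vendor package level should be confirmed separately. Run it inside the guest OS of the appliance, not via the hypervisor.

```shell
#!/bin/sh
# Added example (not from KB 2090740 or the thread): local, read-only audit
# helpers for the distinction the KB draws between busybox ash hosts (ESXi)
# and Linux guests whose bash may import trailing code from the environment.

# Which binary implements /bin/sh on this host? ESXi resolves it to busybox
# (ash); Debian-style guests to dash; Red Hat-style guests to bash itself.
sh_provider() {
    sh_target=$(readlink -f /bin/sh 2>/dev/null || echo /bin/sh)
    sh_name=$(basename "$sh_target")
    case "$sh_name" in
        busybox) echo "busybox (ash)" ;;
        *)       echo "$sh_name" ;;
    esac
}

# Probe the shell named in $1 (default: bash) for CVE-2014-6271.
# Returns 0 when the shell treats the variable as inert text (patched, or a
# non-bash shell), 1 when it executes the text after the function body while
# importing the variable (vulnerable), 2 when no such shell is installed.
# SHOCK_PROBE and its marker are constructed for this example; the command
# after the function body is a plain echo, so nothing is changed on the host.
bash_imports_trailing_code() {
    probe_shell=${1:-bash}
    command -v "$probe_shell" >/dev/null 2>&1 || return 2
    # stdout only: patched bash prints its "ignoring function definition"
    # warning on stderr, which must not be mistaken for the marker.
    probe_out=$(env 'SHOCK_PROBE=() { :; }; echo SHOCK_PROBE_EXECUTED' \
                "$probe_shell" -c ':' 2>/dev/null)
    case "$probe_out" in
        *SHOCK_PROBE_EXECUTED*) return 1 ;;
        *)                      return 0 ;;
    esac
}

# Combine both facts into a verdict phrased like the KB: no bash at all means
# the host is out of scope (the ESXi case); a bash that imports trailing code
# is affected; a bash that rejects the probe still needs its patch level
# confirmed through the package manager because this probe only covers
# CVE-2014-6271, not the follow-up CVE-2014-7169 fix.
shellshock_assessment() {
    provider=$(sh_provider)
    if ! command -v bash >/dev/null 2>&1; then
        echo "not affected: /bin/sh is $provider and no bash binary is installed"
        return 0
    fi
    probe_rc=0
    bash_imports_trailing_code bash || probe_rc=$?
    if [ "$probe_rc" -eq 1 ]; then
        echo "affected: bash imports trailing code from environment variables (CVE-2014-6271); apply the OS vendor's bash patch"
        return 1
    fi
    echo "bash present (/bin/sh is $provider) and it rejects the CVE-2014-6271 probe; confirm the package level also covers CVE-2014-7169"
    return 0
}

# Stand-alone use: print the verdict for the host this runs on.
shellshock_assessment
```

The probe deliberately reads stdout only: the partial upstream fix for CVE-2014-6271 makes bash print a warning on stderr when it sees trailing text after an imported function, and matching on the combined stream would misreport a patched shell. A non-zero exit from `shellshock_assessment` is the signal to pick up in a fleet-wide run over appliance guests.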