Is ESX v3.0 / 3.5 vulnerable to Shellshock?

Similar Messages

• IMac is vulnerable to Shellshock

  Hi,
  My iMac has is vulnerable to Shellshock.  See test and results below.  Please advise.
  Test:
  Is my machine vulnerable?
  Shellshocker.net provides two tests, one for each vulnerability, (CVE-2014-6271) and (CVE-2014-7169). On a Mac, open the Terminal program and type:
  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  If you see "vulnerable" echoed in the response, your version of Bash is affected. Then type:
  env X='() { (a)=>\' bash -c "echo date"; cat echo
  If you see today's date (alongside any errors), your version of Bash is vulnerable.
  Results:
  Last login: Sun Sep 28 11:30:39 on console
  Daryls-iMac-2:~ darylkennedy$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  vulnerable
  this is a test
  Daryls-iMac-2:~ darylkennedy$
  Daryls-iMac-2:~ darylkennedy$ env X='() { (a)=>\' bash -c "echo date"; cat echo
  bash: X: line 1: syntax error near unexpected token `='
  bash: X: line 1: `'
  bash: error importing function definition for `X'
  Sun Sep 28 11:36:27 EDT 2014
  Daryls-iMac-2:~ darylkennedy$

  d-nc wrote:
  Hi,
  My iMac has is vulnerable to Shellshock.  See test and results below.  Please advise.
  Don't run a web server and don't allow remote access. But, I imagine that is true already.
  Unless you are using an Airport Extreme, your router is likely the biggest vulnerability. The others are generally configured through a web server.
  See the other posts Esquared linked.

• ISE 1.2.0.899 vulnerable to Shellshock?

  Hi, I just saw that version 1.2(0.747) is vulnerable. How about 1.2.0.899?
  https://tools.cisco.com/bugsearch/bug/CSCur00532
  KR

  I've asked the PSIRT Team and they confirmed that ISE is vulnerable.
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  (Prime Infrastructure is vulnerable as well but is not yet mentioned in the advisory.  It will be added in an upcoming revision.)

• HP hardware vulnerable to ShellShock bug?

  Hi all,
  I have been asked to check whether our HP hardware is affected in any way by the recent Bash vulnerability.
  We use the following HP hardware:
  E-MSM460 Access Point (ww)(J9591a) - Wireless Access Point
  ProCurve 2520G-24-POE (J9299A) - POE Switch
  ProCurve Switch 2510G-24 (J9279A) - Switch
  Can anyone advise whether these devices use any type of Linux or OSX based software?
  Many thanks,
  James.

  Hi,
  Please post your question on Business Support forum. HP rep at your country should tell you. I know we have many HP products in our halls (ie computer rooms) but I only talk with other vendors, not HP.
  Regards.
  BH
  **Click the KUDOS thumb up on the left to say 'Thanks'**
  Make it easier for other people to find solutions by marking a Reply 'Accept as Solution' if it solves your problem.

• Prime Infrastructure vulnerable to ShellShock?

  Hi,
  does anyone know if Prime Infrastructure version 1.2 is also affected?
  It is not in the list:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  KR

  Hi Renata,
  I'm looking for a patch for our version (and still looking) but found a list that appears to show that 1.2 is affected.
  https://tools.cisco.com/bugsearch/bug/CSCur05228
  Hope that helps.
  Jim

• HT201393 how can I fix IOS 10.6.8. if vulnerable ?

  How can I fix IOS 10.6.8. if vulnerable to shellshock ?

  Further to the above, there is a possible fix posted on Macintouch: go to
  http://www.macintouch.com/readerreports/security/index.html#d01oct2014
  and scroll up to the last post on 30 September, from Jim Weisbin. See also the posts at the bottom of the page he links to,
  http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid -shellshock-the-remote-exploit-cve-2014-6271-an/146851
  Disclaimer: all this is outside my technical knowledge and I pass this on for information only. I can't offer any comment on its suitability; use at your own risk.

• ShellShock Vulnerable products

  Hello
  We have Cisci UCS blade servers B420 M3 serial : FCH1710J7JP
  and the Fabric Interconnect : UCS-FI-6248UP
  I need to know if those product are vulnerable for ShellShock 
  If they are vulnerable witch patch I need to install ? 

  Just an FYI a fix has been released (2.2(3b))......
  Fixes will be available in the following upcoming releases:
  3.0(1d) ==> ETA week of 10/13
  2.2(3b) ==> released 10/9
  2.2(2e) ==> ETA week of 10/13
  2.2(1f) ==> ETA week of 10/13
  2.1(3f) ==> ETA will be announced shortly
  2.0(5g) ==> ETA will be announced shortly
  All six CVEs, CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 CVE-2014-6278, and CVE-2014-6277 have been fixed.
  The 2.2(3b) release was published to CCO on 10/9. The other 2.2 release trains will be updated in the week of 10/13. The release schedule for the 2.0 and 2.1 release trains will be announced soon - release candidates are currently still in QA.
  https://tools.cisco.com/bugsearch/bug/CSCur01379

• Cisco NAC Guest Server and shellshock

  Hello,
  We are running NAC server v2.0.2 and would like to know if it's vulnerable to shellshock as the bug report CSCur05629 isn't clear on this. 

  Well you will need to use a 3rd party certificate..  Here is a link to generate and install a 3rd party certificate on the WLC for the use with Web-Auth:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
  Here is a link for the NGS:
  http://tools.cisco.com/search/display?url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fdocs%2Fsecurity%2Fnac%2Fappliance%2Fconfiguration_guide%2F410%2Fcas%2Fcas41ug.pdf&pos=1&strqueryid=2&websessionid=RK88fQNWy8TCDUakpNGLOqZ
  The applicances are using a self generated Cisco certificate which of course is not a trusted certificate store in most of all operating systems.  So using a 3rd party certificate like RapidSSL, Verisign, etc will eliminate the certificate issue.

• Bash: Apple should continuously support Bash update 1.x for all prior-Snow Leopard OS X and Servers

  I don't see any reason why Apple should ignore all pior-Snow Leopard OS X and Servers' Bash Update 1.0.
  In my work environment, I have a mixture of Unix servers (from the old to the latest). Now, all Unix machines are vulnerable to Shellshock. It is worse than heartbleed bug. Why do Apple still let crackers have chance to attack those old Apple machines and Xserves? For God's sake, please provide Bash updates to them all. This is a historical glitch. Poor users had no choice of what version of Bash to install or remove at the time. Their securities are on Apple's hand. Apple has the responsibility to fix it.
  Put it another way, on May 1, 2014, despite the end of support for the Windows XP (April 8, 2014, over 12 years since its long release), Microsoft released an emergency patch to correct a major, recently discovered security exploit in the Internet Explorer browser on all versions of Windows.
  If Microsoft can do it, why Apple cannot do it better?

  Don't tell us.  Tell Apple.
  BugReporter
  <http://bugreporter.apple.com>
  Free ADC (Apple Developer Connection) account needed for BugReporter.
  Anyone can get a free account at:
  <http://developer.apple.com/programs/register/>
  And/Or
  Mac OS X Feedback
  <http://www.apple.com/feedback/macosx.html>

• Linksys SRW224G4 Managed Switch

  Does anyone know if this switch is vulnerable to the Shellshock issue? I asked in the Linksys forum, but was told to ask in the Cisco forum. Thanks.

  This switch is not a Linksys product - it's Cisco. It is not vulnerable to shellshock.

• Is java vulnerable in safari 5.1? I have a macbook using 10.6.8

  I am worried about the java vulnerability.  I need it to pay bills on my banks website.  is java vulnerable in safari 5.1.  I am using a macbook with os 10.6.8

  The recently discovered zero-day flaw in Java 7 is so serious that the U.S. Department of Homeland Security has warned users to disable or uninstall it, and Apple has disabled the Java 7 plugin on Macs through its OS X anti-malware system, in order to protect users from a potentially serious security issue.
  You should disable Java (if not already done) until either the US Department of Homeland Security, or Oracle, declare it safe and Apple restore the facility. Oracle have released an update said to fix the security flaw, available from here:
  http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.h tml
  Javascript should not be disabled (it has nothing to do with Java), and is probably what your bank is using.

• Shellshock Vulnerability

  Are any of the Adobe Creative Cloud services vulnerable to the Bash / Shellshock bug?

  The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html .
  An INTERIM Cisco Security Advisory was published on September 25th, 2014 and is available at the following URL:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.

• Are we really vulnerable for plugins?

  Are we really vulnerable... or is the admonition to perform updates a catchall for out-of-date plugins? What I mean is, do these plugins really miss a new vulnerability every other week, or is the term "vulnerable" used to mean that there is a newer release available and you should just update it later, because maybe this release fixed something.
  I really want to know when cyber creeps have unleashed a new round of havoc via bad code in the plugins. However, I don't have the time to chase updates in Acroread or Java every week. Besides, after every series of updates, I always need to open up Microsoft Autoruns and disable their self-installed processes to call home and check versions whenever I boot up. I'm sorry, but any updating will be done by me when I'm not late for something at work. I can't say how many times my computer is stalled checking for new versions (and downloading and installing them while I'm trying to do accomplish something!)
  So if these vulnerabilities are just a reflection of there being a new version available, I'll research and weigh my options for the day and just avoid vulnerable sites for a couple weeks (that's a joke - I always avoid vulnerable sites and have never gotten a virus). However, if these really mean that bad guys are actively deploying malware, I'll take them more seriously. I know how to manage the risks if I know what this message means.
  One might wonder why plugins to display images and documents would be so vulnerable anyways. Is there really code in them that says "ok, the document is displayed, is there anything else the server side would like us to run on the client PC?" :) Looking at the recent Apple QT versions, they're not clear if the "arbitrary code" that gets run is that the PC will continue to execute random stuff in memory (which is more likely to lead to a crash) or if it's code placed in the image that will get executed.
  Thanks in advance for clarifying...

  hello, yes the updates from adobe and oracle for its plugins contain fixes for discovered vulnerabilities regularly. this should not be taken lightly since outdated plugins are the #1 infection vector for malware on the web nowadays...
  ''edit: you also might not be safe by just visiting known & "trusted" sites, since also ad-networks or content delivery networks might get hacked and used for the spreading of malware.''
  http://www.adobe.com/support/security/
  <br>http://www.oracle.com/technetwork/topics/security/alerts-086861.html

• I'm having trouble with something that redirects Google search results when I use Firefox on my PC. It's called the 'going on earth' virus. Do you have a fix that could rectify the vulnerability in your software?

  I'm having trouble with a virus or something which affects Google search results when I use Firefox on my PC ...
  When I search a topic gives me pages of links as normal, but when I click on a link, the page is hijacked to a site called 'www.goingonearth.com' ...
  I've done a separate search and found that other users are affected, but there doesn't seem to be a clear-cut solution ... (Norton, McAfee and Kaspersky don't seem to be able to detect/fix it).
  I'd like to continue using the Firefox/Google combination (nb: the hijack virus also affects IE but not Safari) - do you have a patch/fix that could rectify the vulnerability in your software?
  thanks

  ''' "... vulnerability in your software?" ''' <br />
  And it affects IE, too? Ya probably picked up some malware and you blame it on Firefox.
  Install, update, and run these programs in this order. They are listed in order of efficacy.<br />'''''(Not all programs detect the same Malware, so you may need to run them all to solve your problem.)''''' <br />These programs are all free for personal use, but some have limited functionality in the "free mode" - but those are features you really don't need to find and remove the problem that you have.<br />
  ''Note: If your Malware infection is bad enough and you are mis-directed to URL's other than what is posted, you may have to use a different PC to download these programs and use a USB stick to transfer them to the afflicted PC.''
  Malwarebytes' Anti-Malware - [http://www.malwarebytes.org/mbam.php] <br />
  SuperAntispyware - [http://www.superantispyware.com/] <br />
  AdAware - [http://www.lavasoftusa.com/software/adaware/] <br />
  Spybot Search & Destroy - [http://www.safer-networking.org/en/index.html] <br />
  Windows Defender: Home Page - [http://www.microsoft.com/windows/products/winfamily/defender/default.mspx]<br />
  Also, if you have a search engine re-direct problem, see this:<br />
  http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
  If these don't find it or can't clear it, post in one of these forums for specialized malware removal help: <br />
  [http://www.spywarewarrior.com/index.php] <br />
  [http://forum.aumha.org/] <br />
  [http://www.spywareinfoforum.com/] <br />
  [http://bleepingcomputer.com]

• How to tell what was the latest patch installed on VMware ESX Server 3i, 3.5.0, 207095

  Hello Guys,
  I have been running an old server that was installed as a test system on a DELL workstation - Optiplex GX620 (32 bit).
  During the installation I had to confirgure the file: /usr/lib/vmware/installer/Core/TargetFilter.py to change the following line:
  "return interface.GetInterfaceType() == ScsiInterface.SCSI_IFACE_TYPE_IDE" to read:
  "return interface.GetInterfaceType() == ScsiInterface.SCSI_IFACE_TYPE_ISCSI" this made it worked and I have been using it for 3 years now. However, at this time I was hoping to update it with the latest patches and updates and I cannot figure out if I have ESXi or just ESX, nor what was my last update and what is required next.
  I have used this command to get the following output:
  # vmware -v
  VMware ESX Server 3i 3.5.0 build-207095
  ... I believe the 3i indicates that I have an ESXi 3.5.0 but is build-207095 the same buid as ESXi 3.5.0 Update 5?
  If not, how do I go about updating it? What is the KB # I should download?
  I can manage it using vSphere Client 5.5 and I can SSH into it using Putty.
  Note: When I run... "# esxupdate --bundle=ESXe350-201302401-I-SG.zip update" from within the folder where its at in the datastore, nothing happens... just a new line is scrolled.
  Also...
  # esxupdate query
  <?xml version="1.0"?>
  <query-response>
    <installed-packages>
      <package ID="ESX-207095">
        <name>firmware</name>
        <version>3.5.0</version>
        <rel>207095</rel>
      </package>
      <package ID="ESX-CLIENT-204907">
        <name>viclient</name>
        <version>2.5.0</version>
        <rel>204907</rel>
      </package>
      <package ID="ESX-TOOLS-207095">
        <name>tools</name>
        <version>3.5.0</version>
        <rel>207095</rel>
      </package>
    </installed-packages>
  </query-response>
  /vmfs/volumes/525300ce-5ff6ad3d-e2ed-0014222aedb7/Patches/ESXe350-201302401-O-SG #
  ... is there any further update for this system? I believe so as the Heartbleed patch etc. was not around when I was installing this server back in 2010.

  Hello Richardson Porto,
  I wanted to tell you that I appreciate the help so far.
  Also wanted to point out to you, that the KB indicated above is older than Update 5, which from your instructions is what I have installed. That KB is for U2.
  Now, the document definitely has step by step instructions on installing, querying etc. But my problem is ... NOT ALL COMMANDS WORK FOR ME!
  This is why I am here because all the instructions I have been reading does not work with my flavor of ESX 3.5.0, 207095... WHY? It has me stumped.
  For example, here are some commands the doc asked me to do and they failed: (Note that I had to unzip the folder on my windows box and upload it to /tmp using vSphere Client)
  /tmp # ls
  ESX350-201302402-BG      ESX350-201302402-BG.zip  vmhsdaemon-0
  /tmp # unzip ESX350-201302402-BG.zip
  -ash: unzip: not found                                                                                          -----------------------THIS COMMAND WAS NOT FOUND ?
  /tmp # cd ESX350-201302402-BG
  /tmp/ESX350-201302402-BG # esxupdate info
  Invalid command info                                                                                          -----------------------THIS COMMAND WAS INVALID ?
  /tmp/ESX350-201302402-BG # esxupdate update                                       -----------------------NOTHING HAPPENED HERE ?
  /tmp/ESX350-201302402-BG # ls -lh
  -rw-------    1 root     root       321.3k Dec 13 15:24 VMware-esx-scripts-3.5.0-988599.i386.rpm
  -rw-------    1 root     root         1.6k Dec 13 15:24 contents.xml
  -rw-------    1 root     root          701 Dec 13 15:24 contents.xml.sig
  -rw-------    1 root     root         1.4k Dec 13 15:24 descriptor.xml
  drwxr-xr-x    1 root     root          512 Dec 13 15:24 headers
  /tmp/ESX350-201302402-BG #
  NOTE: All these commands were run sequentially and I just copied and paste it from my SSH Client (PuTTy.exe)
  Is there a toolkit I need to install to have these commands or what really am I missing here? Host is in Maintenance Mode and the 1 VM that's on it is off!
  I am going to start a new discussion with this NEW ISSUE, since the Heading of this DISCUSSION has already been SOLVED! Thanks again!