Is vmware vulnerable to shellshock?

Question

We have tons of vmware hosted servers in our DMZ environment, with the recent shellshock bash bug, what do I need to do to protect our environment?

The question is not whether VMWare is affected, but whether the apps you run in your VM guests are. You should check what depends on Bash or what runs shell scripts in general in each of your VMs that accept public connections and make use of untrusted data to run scripts of any kind. — Steve Dodier-Lazaro, Sep 25 '14 at 21:28
Here is a link to VMWare KB addressing: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740 — Mike Fair, Sep 29 '14 at 22:14

score 5 · Accepted Answer · answered Sep 25 '14 at 18:40

5

The vSECR Team has been actively investigating CVE-2014-6271 aka “Shell Shock” and its impact on their products. Currently VMware has determined that ESXi is not affected and neither are Windows based products including vCenter for Windows. Investigation into other products is ongoing.

For now you are probably safe, but stay tuned! Check http://www.vmware.com/company/news/releases often

answered Sep 25 '14 at 18:40

Kamic

693
2
5
20

1

Do you have a source from VMware that you can link to? – schroeder Sep 25 '14 at 19:32
you can contact them directly, I got word via email – Kamic Sep 25 '14 at 20:25
update: http://www.vmware.com/security/advisories/VMSA-2014-0010.html – Kamic Oct 01 '14 at 15:44

Is vmware vulnerable to shellshock?

1 Answers1