Tips for Patching Your VMware Environment for ShellShock

In September 2014, a vulnerability was discovered in the Bash shell (used in many Unix-based systems). This vulnerability revolves around remote code execution made possible by using specially crafted environment variables.

If your environment is already running ESXi, you can breathe a little easier as ESXi uses a different shell and is not affected.

However, there are a number of VMware products that are affected:

  • Full ESX hypervisor (4.0 or 4.1)
  • VMware virtual appliances (such as vSphere Replication, the VMware management assistant or VMA, and many others)

For the full list, check out the VMware Knowledgebase.

The security advisory page for VMSA-2014-0010.13 has the details on the patches. Please note: If you are still running ESX 4.0/4.1 VMware has made a patch available through an exception to the VMware lifecycle policy.

For more information, feel free to reach out to me at arron.king@aresgrp.com.

Affiliated, IT Infrastructure Services & Support, Ohio

One Response to Tips for Patching Your VMware Environment for ShellShock

  1. DMoran December 1, 2014 at 9:43 pm #

    Good Post Arron –