VMware Workspace Portal Multiple Bash Shell Vulnerabilities (VMSA-2014-0010) (Shellshock)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has a device management application installed that is
affected by multiple vulnerabilities.

Description :

The version of VMware Workspace Portal (formerly known as VMware
Horizon Workspace) installed on the remote host is missing package
updates. It is, therefore, affected by the following vulnerabilities
in the Bash shell :

- A command injection vulnerability exists in GNU Bash
known as Shellshock, which is due to the processing of
trailing strings after function definitions in the
values of environment variables. This allows a remote
attacker to execute arbitrary code via environment
variable manipulation depending on the configuration of
the system. By sending a specially crafted request to a
CGI script that passes environment variables, a remote,
unauthenticated attacker can execute arbitrary code on
the host. (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278,
CVE-2014-7169)

- An out-of-bounds memory access error exists due to
improper redirection implementation in the 'parse.y'
source file. A remote attacker can exploit this issue
to cause a denial of service or potentially execute
arbitrary code. (CVE-2014-7186)

- An off-by-one error exists in the 'read_token_word'
function in the 'parse.y' source file. A remote attacker
can exploit this issue to cause a denial of service or
potentially execute arbitrary code. (CVE-2014-7187)
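
As an added example (not code from the Tenable plugin or the VMware advisory), two defender-side checks in POSIX sh: a local self-test for the CVE-2014-6271 behaviour described above (a command appended after a function definition in an environment variable), and a fixed-string match over constructed request-log lines for the "() {" marker such requests carry. It assumes a bash binary on PATH; the log lines and addresses are constructed.

```shell
#!/bin/sh
# Added example, not code from the Tenable plugin or VMware advisory.
# Assumes: POSIX sh; a bash binary on PATH for the local self-test.

# Local self-test for CVE-2014-6271: a vulnerable bash imports the
# function from $x *and* runs the trailing "echo VULNERABLE"; a patched
# bash treats x as an ordinary variable and prints only "probe".
# Prints vulnerable|patched|missing; exit status 1 only when vulnerable.
check_cve_2014_6271() {
    bash_bin="${1:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || { echo missing; return 0; }
    out=$(env x='() { :;}; echo VULNERABLE' "$bash_bin" -c 'echo probe' 2>/dev/null)
    case "$out" in
        *VULNERABLE*) echo vulnerable; return 1 ;;
        *)            echo patched;    return 0 ;;
    esac
}

# Constructed request-log lines (not real traffic): a header value that
# begins with "() {" is the shape a Shellshock attempt against a CGI
# script takes, because the web server copies request headers into the
# environment of the CGI process.
SAMPLE_LOG='10.0.0.5 - - "GET /cgi-bin/status.cgi HTTP/1.1" "User-Agent: () { :;}; echo probe"
10.0.0.6 - - "GET /index.html HTTP/1.1" "User-Agent: Mozilla/5.0"
10.0.0.7 - - "GET /cgi-bin/status.cgi HTTP/1.1" "Referer: () { :; }; echo second"'

# Print the log lines carrying the marker (fixed-string match, so the
# parentheses and brace are not treated as regex metacharacters).
flag_shellshock_requests() {
    grep -F '() {'
}

# Number of flagged lines in SAMPLE_LOG; 0 if none.
count_shellshock_hits() {
    n=$(printf '%s\n' "$SAMPLE_LOG" | flag_shellshock_requests | wc -l)
    echo "$n" | tr -d ' '
}

# Run stand-alone: report the local bash status and the flagged lines.
check_cve_2014_6271
printf '%s\n' "$SAMPLE_LOG" | flag_shellshock_requests
echo "hits: $(count_shellshock_hits)"
```

On a host patched per VMSA-2014-0010 the self-test prints "patched"; the log filter is a triage aid and still needs the flagged requests reviewed by hand.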

See also :

http://www.nessus.org/u?52af41d9
https://www.vmware.com/security/advisories/VMSA-2014-0010
http://seclists.org/oss-sec/2014/q3/650
https://www.invisiblethreat.ca/post/shellshock/

Solution :

Apply the relevant patch as described in VMware KB article 2091067.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:ND/RC:ND)
Public Exploit Available : true
