VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX host is missing a security-related patch.

Description :

The remote VMware ESX host is affected by multiple vulnerabilities
in the Bash shell :

- A command injection vulnerability exists in GNU Bash
known as Shellshock. The vulnerability is due to the
processing of trailing strings after function
definitions in the values of environment variables. This
allows a remote attacker to execute arbitrary code via
environment variable manipulation depending on the
configuration of the system. (CVE-2014-6271,
CVE-2014-7169, CVE-2014-6277, CVE-2014-6278)

- A out-of-bounds read error exists in the redirection
implementation in file parse.y when evaluating
untrusted input during stacked redirects handling. A
remote attacker can exploit this to cause a denial of
service or possibly have other unspecified impact.
(CVE-2014-7186)

- An off-by-one overflow condition exists in the
read_token_word() function in file parse.y when handling
deeply nested flow control structures. A remote attacker
can exploit this, by using deeply nested for-loops, to
cause a denial of service or possibly execute arbitrary
code. (CVE-2014-7187)

See also :

https://www.vmware.com/security/advisories/VMSA-2014-0010
http://lists.vmware.com/pipermail/security-announce/2014/000278.html
http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/2014/09/cve-2014-6271/
http://www.nessus.org/u?e40f2f5a

Solution :

Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0 / 4.1.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:ND/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now