VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)
Critical Nessus Plugin ID 78771
SynopsisThe remote host has a virtualization appliance installed that is affected by Shellshock.
DescriptionThe VMware vSphere Replication installed on the remote host is version 5.1.x prior to 126.96.36.199, 5.5.x prior to 188.8.131.52, 5.6.x prior to 184.108.40.206, or 5.8.x prior to 220.127.116.11. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system
SolutionUpgrade to vSphere Replication 18.104.22.168 / 22.214.171.124 / 126.96.36.199 / 188.8.131.52 or later.