VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)
Critical Nessus Plugin ID 78771
SynopsisThe remote host has a virtualization appliance installed that is affected by Shellshock.
DescriptionThe VMware vSphere Replication installed on the remote host is version 5.1.x prior to 220.127.116.11, 5.5.x prior to 18.104.22.168, 5.6.x prior to 22.214.171.124, or 5.8.x prior to 126.96.36.199. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system
SolutionUpgrade to vSphere Replication 188.8.131.52 / 184.108.40.206 / 220.127.116.11 / 18.104.22.168 or later.