McAfee Next Generation Firewall GNU Bash Code Injection (SB10085) (Shellshock)
Critical Nessus Plugin ID 79234
SynopsisThe remote host is affected by a code injection vulnerability known as Shellshock.
DescriptionThe remote host has a version of McAfee Next Generation Firewall (NGFW) installed that is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.
SolutionApply the relevant hotfix referenced in the vendor advisory.