The company had released corrections only for few of
their products. VMware is actively working to eliminate ShellShock
vulnerabilities in their 37 virtual products, but so far it released corrections
only for few of them. The company recommended its customers to install patches
for Linux, Android, OSX and iOS, as many products are working precisely on the
basis of these operating systems.
The vulnerability does not affect the software product
for enterprise virtualization VMware ESX Server, because it uses the shell Ash,
as well as products that are running by Windows (including vCentre Server).
ShellShock affects different versions of vCloud
Director, VMware Data Recovery, VMware Mirage Gateway and the vSphere Storage
Appliance. VMware recommended users properly configure firewalls and other
network-level controls and allow an access to the products only from trusted
IP-addresses. This arrangement will greatly reduce any risk for them.
After the discovery of vulnerabilities in Bash shell
technology companies, such as Linux, Apple and OpenVPN released a series of
updates for their products. According to security researcher from the company
Rapid7 Uaysmen Greg (Greg Wiseman), patch Apple, released for 10.8 Mountain
Lion, was not effective enough.
The expert used a bash check tool on 10.8 Mountain Lion to check
all vulnerabilities. The test results proved that the platform is still
vulnerable to CVE-2014-7186.
Source: securitylab.ru
No comments:
Post a Comment