How to patch Shellshock in Workspace Portal

VMware has released official bash patches for Horizon Workspace and Workspace Portal to address the recently discovered shellshock bug.

Be sure to review kb.vmware.com/kb/2091067 as you must apply the correct patch for your exact version of Workspace.

How to tell if your Workspace instance is currently vulnerable

To test, run the following command on each VM in the appliance:

env ‘VAR=() { :;}; echo Bash is vulnerable!’ ‘FUNCTION()=() { :;}; echo Bash is vulnerable!’ bash -c “echo Bash Test”

A system vulnerable to shellshock will show output similar to this:

Here is how you can patch your Workspace servers:

  1. Head over to vmware.com/downloads and select your current version of Workspace. in this example, we’ll be using Workspace Portal 2.1
  2. Download the listed RPM update at the bottom of the page
  3. Copy the downloaded patch to /tmp on your Workspace VM (use something like SCP or WinSCP to accomplish this). If you are on an earlier Workspace instance with multiple VMs in the Workspace appliance, you’ll need to do this on all the VMs.
  4. Login to the Workspace VM as root, and unzip the patch
  5. Change directory to the unzipped folder, and apply the patch by running
    rpm -U –nodeps *.rpm

  6. Run the test command from above again to verify you aren’t still vulnerable
 
Advertisements

Thanks for your comments!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s