Posts

Showing posts from May, 2015

Attacking the hypervisor venom

Who says that the hypervisor is 100% secure? Thanks to the security flaw in a virtual floppy disk, VENOM (CVE-2015-3456) has become a reality and can in fact possibly be used to escape from a virtual client into adjacent VM systems. At the time of this release, the flaw in the QEMU virtual floppy disk controller (FDC) affects Xen but does not affect VMware or Hyper-V. This vuln is a doozy, especially for organizations that rely heavily on Xen. This March I read a great article that described how, if a vulnerability were to be discovered in Xen, Amazon's Steve Schmidt 'gets busy', which I would take is today! Of course, this leads to the next question on my mind: has Venom been used to successfully exploit Amazon, and would we know about it? If you're running any of these, consider the posted workaround ASAP! A list of affected Linux distros: RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x; CentOS Linux version