Friday, May 15, 2015

VENOM - A New Vulnerability.


Last year a bug known as #Heartbleed hit the cyber world with a bang, with adverse effects when it came to exploitation. Recently a new vulnerability similar to it has been discovered.

This new vulnerability has been named #VENOM (Virtualized Environment Neglected Operations Manipulation). It targets virtual machines, and as many know, these days even servers are deployed in VMs.

#VENOM (#CVE-2015-3456) resides in the virtual floppy drive code used by many virtual machines. The vulnerability allows an attacker to gain full access to the host machine as well as to the other guest OSes running on the system.

The vulnerability was discovered in the open-source virtualization package QEMU and affects its virtual floppy disk controller (FDC). The affected packages are Xen, KVM, Oracle's VirtualBox and the QEMU client.

For successful exploitation the attacker must reside in a virtual machine that has access to the floppy and I/O ports. On Linux the attacker needs only root or elevated privileges. On Windows a normal user can exploit it.

It is not only individual machines: cloud providers that rely on QEMU-based virtualization are also vulnerable to Venom. However, the vulnerability has been described only in theory, and no exploitation has taken place as of now.

Only QEMU-based platforms are affected, and Xen and QEMU have released patches for Venom. All versions of RedHat are vulnerable, and all users are advised to update and patch. A restart after the update is required for it to take effect.
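The restart matters because a QEMU process that was started before the update keeps running the old code. As an added example (not from the original post or from any vendor), the script below lists QEMU processes on a Linux host whose binary has been replaced on disk since they started. The function names are hypothetical, and it assumes the emulator binaries have "qemu" in their file name.

```shell
#!/bin/sh
# Added example: find QEMU processes that still run the pre-update binary.
# Assumption: emulator binaries have "qemu" in their file name
# (qemu-kvm, qemu-system-x86_64, ...).

# stale_qemu_pids [PROC_ROOT]
# Prints "PID PATH" for every QEMU process whose /proc/PID/exe link ends in
# " (deleted)", which is how Linux marks a binary that was replaced or
# removed after the process started. PROC_ROOT defaults to /proc; it is a
# parameter only so the function can be run against a constructed tree.
stale_qemu_pids() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads and processes we may not inspect have no readable link.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $target in
            *" (deleted)") ;;
            *) continue ;;
        esac
        path=${target%" (deleted)"}
        case ${path##*/} in
            *qemu*) printf '%s %s\n' "${dir##*/}" "$path" ;;
        esac
    done
}

# check_qemu_restart [PROC_ROOT]
# Returns 0 when no QEMU process runs a replaced binary, 1 otherwise.
check_qemu_restart() {
    stale=$(stale_qemu_pids "${1:-/proc}")
    [ -z "$stale" ] && return 0
    printf 'QEMU processes still running the pre-update binary:\n%s\n' "$stale" >&2
    return 1
}
```

Call `check_qemu_restart` as root on the virtualization host after installing the update. Each PID it reports belongs to a guest that has to be powered off and started again so that a new QEMU process is created.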

P.S.: This post is meant to create awareness and is not to be misused.
             
