With Venom, a malicious user program with sufficient root privileges "could break through the isolation normally afforded by the hypervisor and reach into the memory space of its hosted peers, potentially corrupting the software stack running in the other VMs and gaining access to sensitive data and applications," said Bill Weinberg, senior director of open source strategy at Black Duck Software.
Crowdstrike on Wednesday made public its discovery of yet another long-buried Linux vulnerability.
"Venom," as it has been dubbed, was unearthed by the firm's senior security researcher, Jason Geffner. It is listed as vulnerability CVE-2015-3456.
Venom exists in the virtual floppy drive code (FDC) used by virtualization platforms based on QEMU (quick emulator). It has been around since 2004.
The code probably went undetected for 11 years because "it's not obvious at all that this is a vulnerability," Geffner told LinuxInsider.
What Venom is and how it kills
Venom is a threat to virtual machines.
A server runs a hypervisor, which in turn runs one or more virtual machines, called "guest machines." The hypervisor provides each guest operating system with a virtual OS and manages the execution of the guest OSes.
Several VMs, running multiple instances of one OS or different OSes, can be guested on one hardware platform.
When guest OSes send commands such as seek, read, write or format to the FDC's input/output port, the FDC stores them and their associated parameters in a fixed-size buffer, according to Crowdstrike.
It keeps track of how much data to expect for each command. After all expected data for a given command is received from the guest OS, the FDC executes the command and clears the buffer for the next command.
However, two commands, which Crowdstrike did not disclose, do not reset the buffer. An attacker can send those commands with specially crafted parameter data from the guest system to the FDC to overflow the buffer and execute arbitrary code in the context of the host's hypervisor process.
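To make the mechanism above concrete, here is a small simulation of the command buffer handling the article describes. It is an added example written for this page, not QEMU code and not anything published by Crowdstrike: the FIFO size, the opcodes, their parameter lengths and the name CMD_NORESET are all constructed. Since the two affected commands were not disclosed, the model uses one hypothetical command whose handler forgets to reset the buffer, and a bounds check that reports the out-of-bounds write instead of performing it. The same byte stream is then run against the vulnerable handler and against a hardened handler that resets after every command.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model of an FDC command FIFO. Sizes, opcodes and
 * parameter lengths are made up for illustration, not QEMU's values. */
#define FIFO_SIZE 16

/* Hypothetical opcodes. CMD_NORESET stands in for a command whose
 * handler does not clear the buffer after executing. */
enum { CMD_SEEK = 0x0f, CMD_FORMAT = 0x4d, CMD_NORESET = 0x31 };

typedef struct {
    uint8_t fifo[FIFO_SIZE];
    size_t pos;        /* bytes buffered for the current command */
    size_t expected;   /* bytes the current command needs before it runs */
    bool hardened;     /* true: every handler resets the FIFO */
    int executed;      /* commands completed so far */
} model_fdc;

/* Expected total length (opcode + parameters) per opcode; 0 = unknown. */
static size_t cmd_len(uint8_t op)
{
    switch (op) {
    case CMD_SEEK:    return 3;
    case CMD_FORMAT:  return 6;
    case CMD_NORESET: return 2;
    default:          return 0;
    }
}

static void fdc_reset(model_fdc *f)
{
    f->pos = 0;
    f->expected = 0;
}

/* Runs the buffered command. In the vulnerable model the CMD_NORESET
 * handler leaves the buffer index where it is; the hardened model
 * resets unconditionally, which is the fix the article implies. */
static void fdc_execute(model_fdc *f)
{
    f->executed++;
    if (f->hardened || f->fifo[0] != CMD_NORESET)
        fdc_reset(f);
}

/* Guest writes one byte to the FDC data port.
 * Returns 0 if accepted, -1 if the byte would land past the FIFO.
 * The real code had no such check; -1 here represents the overflow. */
static int fdc_write(model_fdc *f, uint8_t byte)
{
    if (f->pos == 0) {                  /* first byte of a command: opcode */
        f->expected = cmd_len(byte);
        if (f->expected == 0)
            return 0;                   /* unknown opcode, ignored */
    }
    if (f->pos >= FIFO_SIZE)
        return -1;                      /* would write past the buffer */
    f->fifo[f->pos++] = byte;
    if (f->pos >= f->expected)
        fdc_execute(f);
    return 0;
}

/* Feeds a byte stream; returns commands executed, or -1 on overflow. */
int run_stream(bool hardened, const uint8_t *bytes, size_t n)
{
    model_fdc f;
    memset(&f, 0, sizeof f);
    f.hardened = hardened;
    for (size_t i = 0; i < n; i++)
        if (fdc_write(&f, bytes[i]) < 0)
            return -1;
    return f.executed;
}

/* Constructed stream: a well-formed SEEK, then CMD_NORESET, then a run
 * of parameter-like bytes that the guest keeps writing afterwards. */
int run_scenario(bool hardened)
{
    uint8_t stream[3 + 2 + 40];
    size_t n = 0;
    stream[n++] = CMD_SEEK;    stream[n++] = 0x00; stream[n++] = 0x10;
    stream[n++] = CMD_NORESET; stream[n++] = 0x00;
    for (int i = 0; i < 40; i++)
        stream[n++] = 0x41;
    return run_stream(hardened, stream, n);
}

int main(void)
{
    printf("vulnerable model: %d\n", run_scenario(false)); /* -1: overflow */
    printf("hardened model:   %d\n", run_scenario(true));  /* 2 commands */
    return 0;
}
```

In the vulnerable run the buffer index keeps climbing after CMD_NORESET until it reaches the end of the fixed-size FIFO, which is exactly the condition the article describes; in the hardened run the trailing bytes are treated as unknown opcodes and discarded. The practical takeaway for defenders is that the fix is in the device emulator, so patching QEMU (or the platform built on it) and restarting affected hosts is what closes the hole, not anything inside the guest.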
Attackers will need administrator privileges or root access privileges, so it's not as if a hacker can waltz in and take over the FDC.