Questions? Feedback? powered by Olark live chat software
| Get: Our Articals In Your Email | Get: 120 Important Softwares all on DVD | Buy a VPN Or Proxy to get free internet | Contact Us


Ads 468x60px

Tuesday, 26 May 2015

VENOM: A New Virus That can Attack Even Virtual Machines

With Venom, a malicious user program with sufficient root privileges "could break through the isolation normally afforded by the hypervisor and reach into the memory space of its hosted peers, potentially corrupting the software stack running in the other VMs and gaining access to sensitive data and applications," said Bill Weinberg, senior director of open source strategy at Black Duck Software.


Crowdstrike on Wednesday made public its discovery of yet another long-buried Linux vulnerability.
"Venom," as it has been dubbed, was unearthed by the firm's senior security researcher, Jason Geffner. It is listed as vulnerability CVE-2015-3456.

Venom exists in the virtual floppy drive code (FDC) used by virtualization platforms based on QEMU (quick emulator). It has been around since 2004.

The code probably went undetected for 11 years because "it's not obvious at all that this is a vulnerability," Geffner told LinuxInsider.

What is venom and how it kills


Venom is a threat to virtual machines.
A server runs a hypervisor, which in turn runs one or more virtual machines, called "guest machines." The hypervisor provides each guest operating system with a virtual OS and manages the execution of the guest OSes.
Several VMs, running multiple instances of one OS or different OSes, can be guested on one hardware platform.
When guest OSes send commands such as seek, read, write or format to the FDC's input/output port, the FDC stores them and their associated parameters in a fixed-size buffer, according to Crowdstrike.
It keeps track of how much data to expect for each command. After all expected data for a given command is received from the guest OS, the FDC executes the command and clears the buffer for the next command.


However, two commands, which Crowdstrike did not disclose, are not reset. An attacker can send those commands and specially crafted parameter data from the guest system to the FDC to create a buffer overflow and execute arbitrary code during the host's hypervisor process.

Attackers will need administrator privileges or root access privileges, so it's not as if a hacker can waltz in and take over the FDC.

No comments:

Post a Comment

Get Our Latest Articles Delivered to Your email

You will shortly receive a confirmation email. Please approve to complete Subscribtion.

 

Alittle About Me

I am an open minded person with a great interest in computer networks, programming and cyber security. My love for computers started way back since elementary school where I din't have access to the internet nor did I have a computer at my disposal. In the long run at the right time, the love I had for so long was taken to the next level when I was granted internet access and mostly, A computer at my disposal. This allowed me to develop and enhance my skills more effectively. Currently on a cyber... Continue Reading

To all those that visit. We highly appreciate.
Thank You!

Do you like what you see?

Get our Daily email updates (It's Free):


Related Posts