Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Venom' Security Vulnerability Threatens Most Datacenters

Posted by Soulskill on from the holes-in-legacy-code dept.

An anonymous reader sends a report about a new vulnerability found in open source virtualization software QEMU, which is run on hardware in datacenters around the world (CVE-2015-3456). "The cause is a widely-ignored, legacy virtual floppy disk controller that, if sent specially crafted code, can crash the entire hypervisor. That can allow a hacker to break out of their own virtual machine to access other machines — including those owned by other people or companies." The vulnerable code is used in Xen, KVM, and VirtualBox, while VMware, Hyper-V, and Bochs are unaffected. "Dan Kaminsky, a veteran security expert and researcher, said in an email that the bug went unnoticed for more than a decade because almost nobody looked at the legacy disk drive system, which happens to be in almost every virtualization software." The vulnerability has been dubbed "Venom," for "Virtualized Environment Neglected Operations Manipulation."

4 of 95 comments (clear)

  1. Re:Sooo.... by LoRdTAW · · Score: 2, Insightful

    Not sure where you are getting this floppy business from. Virtualbox guest addition tools are loaded from a single CD image. All the driver packages are on that image. Hyper-V also uses a CD image. I have also used VMware in the past and they too used CD images.

    Perhaps you are confusing that with the provided floppy controller emulation.

  2. Re:Open Source Branding by thegarbz · · Score: 4, Insightful

    Sure if you cherry pick your applications to suit your case then you could argue that. To me I see open source vulnerabilities which are called CVE-215-3456 which someone happens to have an alternate name for. I see programs called StarOffice, and Libre Office. I see MySQL, openLDAP, and systemd. All very descriptive of what they do.

    Let's not over generalise.

  3. Re:Not very serious by martyros · · Score: 3, Insightful

    ...an unrelated bug causes the vulnerable FDC code to remain active and exploitable by attackers.

    Which is why the PV mode in Xen is such a killer security feature -- the more stuff you have just lying around, even if unused in theory, the higher the probability that there will be a bug somewhere that can be exploited.

    --

    TCP: Why the Internet is full of SYN.

  4. Goddamn Heartbleed by glwtta · · Score: 5, Insightful

    So every single vulnerability from now on is getting an idiotic media name?

    We can't have CVE-1234, no no, must be RageBoner or PantShitter or no one will take it seriously!

    --
    sic transit gloria mundi