Most Data centers are vulnerable to Venom
-
The cause is a widely-ignored, legacy virtual floppy disk controller that, if sent specially crafted code, can crash the entire hypervisor. That can allow a hacker to break out of their own virtual machine to access other machines -- including those owned by other people or companies.
The bug, found in open-source computer emulator QEMU, dates back to 2004. Many modern virtualization platforms, including Xen, KVM, and Oracle's VirtualBox, include the buggy code.
VMware, Microsoft Hyper-V, and Bochs hypervisors are not affected.
http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/
-
Well that can't be good. I know that Oracle's VB is something I've tinkered with a time or two.. Although nothing to the level of a datacenter. It was just testing so wasn't up long - isnt up right now.
-
This will impact nearly everyone since it is Amazon, Rackspace, Softlayer, Digital Ocean, Vultr, etc.
-
From what I understand is that the VMs need to have a virtual Floppy Drive actually installed on the VM in order for them to own the hypervisor... Is that right?
-
@dafyre said:
From what I understand is that the VMs need to have a virtual Floppy Drive actually installed on the VM in order for them to own the hypervisor... Is that right?
I believe so. And I know of none that do that. I always disable that option because.... why do I want an extra driver installed?
-
So likely lots of reboots coming this week.
-
I just got a bunch of tickets from Rackspace. Guess what they are going to be for.
-
Amazon for some reason said they were never vulnerable to this attack.
-
@thecreativeone91 said:
Amazon for some reason said they were never vulnerable to this attack.
Likely they removed that code as it was unnecessary.
