Extremely Serious virtual machine bug ‘VENOM’ could threaten cloud providers
Read about a new vulnerability which has been discovered and that could easily allow an attacker to escape the restrictions of a guest virtual machine (VM) into the host system.
Very serious security vulnerability has been discovered that could allow an attacker to escape the restrictions of a guest virtual machine (VM) into the host system. VENOM is actually the problem resolves around a security flaw in the floppy disk controller code from the QEMU open source machine emulator and it was first highlighted by security firm. This bug could have far-reaching repercussions as many cloud service providers rely on virtualisation in order to separate the various VMs that runs on their platform. Well in this case, an attacker could possibly exploit the access to the host system to go through and gain access to other VMs that runs on the system.
Apart from QEMU VM platforms, the problem also affects Xen, Microsoft Hyper-V, KVM. VMware and Bochs hypervisors are not impacted by the vulnerability.
IT is said that “Most VM escape vulnerabilities discovered in the past were only exploitable in non-default configurations or in configurations that wouldn't be used in secured environments. Other VM escape vulnerabilities only applied to a single virtualization platform, or didn't directly allow for arbitrary code execution.”
VENOM is actually very unique in that it applies to a large array of virtualisation platforms on default configurations and it also allows for direct arbitrary code execution. At the time, it is understood that patches are available from the Xen Project, RedHat and the QEMU Project and others are supposed to be forthcoming soon.
As the VENOM flaw is certainly not as widespread as Heartbleed so it could have critical repercussions on the integrity of a virtual infrastructure and it should thus not be minimized. As there is no indication that the vulnerability is quite being actively exploited maliciously in the wild so administrators should rush to check whether their virtual infrastructure is in the clear and patch affected systems quickly.
For certain situations where it may not be quite possible or easy to get the security flaw patched, so it is noticed that ARM-based systems and Xen systems that runs x86 paravirtualised guests are not vulnerable to the exploit. Moreover, to enable stub-domains, it can mitigate the issue by reducing the privileges that a hacker can gain in order to access. If you want to know more about VENOM patch then you can also follow the article ‘The VENOM "Virtual Machine Escape" bug’ in which you will get a complete information about VENOM bug and its related issues.
This is a web developer and internet marketing company.
May 27, 2015