Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: VENOM vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
VENOM vulnerability
From a reader who emailed the ISC hander list:

I wanted to bring this to your attention in case you have not seen it yet.
Venom is a new virtual machine vulnerability affecting Xen, KVM and QEMU.

venom.crowdstrike.com/
xenbits.xen.org/xsa/…
securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/

---

VENOM is an acronym for "Virtualized Environment Neglected Operations Manipulation" which is a marketing term for CVE-2015-3456 ( cve.mitre.org/cgi-bin/… )

According to the Crowstrike announcement, VENOM "is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems."

At this time, Crowdstrike lists some of the patches in their Q&A section of their announcement page:

QEMU: git.qemu.org/
Xen Project: xenbits.xen.org/xsa/…
Red Hat: access.redhat.com/articles/…
Citrix: support.citrix.com/article/…
Brad

360 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!