VENOM is an even worse vulnerability than Heartbleed, the famous security flaw in OpenSSL from which we have talked in this blog. It affects GNU / Linux servers, and as with Heartbleed you could retrieve information from the server's memory remotely without having access permission, VENOM is also a security threat.
VENOM (CVE-2015-3456) is a recently discovered issue that could affect millions of servers and computers. The worst thing is that it takes present more than 11 years and allows a remote user to exploit this vulnerability to gain access outside of the virtual machine. Hence its name, since VENOM is the acronym for Virtual Environment Neglected Operations Manipulation.
With VENOM could bypass the virtual machine limit that provides the service and operates directly with the real machine to execute malicious code on it, access other virtual machines present in the system, access to other areas of the data network, etc.
And the cause of this problem is the outdated, but still present, floppy controller. Although the floppy disks are practically obsolete, it is still maintained for reasons of backward compatibility. In fact, it has affected almost 95% of systems such as:
- RHEL 5.x, 6.x and 7.x
- CentOS Linux 5.x, 6.x, 7.x
- OpenStack 4, 5 (RHEL 6), and 5 and 6 (RHEL 7).
- Red Hat Enterprise Virtualization 3.
- Debian and other distros based on it. Including Ubuntu (12.04, 14,04, 14,10 and 15.04).
- SUSE Linux Enterprise Server 5, 6, 7, 10, 11, 12 (in all its service packs)
To fix this VENOM problem, you should keep your distribution as up-to-date as possible with the latest security patches. Also, if you use VirtualBox, you must update it to version 4.3 or higher (when they come out). Although the system will not have to be restarted, the virtual machines will have to be restarted to fix the problem.
As well affects virtual machines with QEMU, XEN, KVM and Citrix. But it does not affect virtualization systems from VMWare, Microsoft's Hyper-V, nor does it affect BOCHS. So stay updated and find out in your case how to correct the problem. Hope this is a wake-up call for developers, who should also audit old code so these things don't happen.
Be the first to comment