记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

VENOM – Does it live up to the hype?

2015-05-17 07:45

VENOM - Does it live up to the hype? - 第1张  | Sec-UN 安全圈

SANS InfoSec Community Forums, RICK
 
 
Unless you have been hiding under a rock this week you have heard about VENOM.  The first article that I saw was from ZDNet with the headline of "Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters".  Pretty provocative stuff.  Is VENOM really worth that much hype?
 
VENOM stands for Virtualized Environment Neglected Operations Manipulation. The cute acronym basically means that the exploit takes advantage of a vulnerability in legacy code. In short the vulnerability is CVE-2015-3456 and it is found in fdc.c, the floppy disk controller software, used in some virtualization products. the most popular ones being QEMU, Xen and KVM.  The  vulnerability will permit someone with administrator access in the virtual machine (VM) to potentially escape the VM and execute arbitrary code from within the host virtualization software, with the permissions of the host virtualization software. The worst case scenario is that the attacker could escape to the guest operating system and access other guests on the same machine. To the best of my knowledge nobody has succeeded in demonstrating the worst case.
 
Should we panic?
 
This vulnerability is important because it has the potential to affect a significant portion of the virtualization platforms that are in common use today, but there is no reason to panic. 
* The vulnerability cannot be compromised remotely, nor is it possible to remotely scan for this vulnerability.
* In order for the attacker to even attempt to exploit the vulnerability they need to have shell level access as an administrator level to a virtualized guest.
* While a proof of concept exists that exploits the vulnerability, nobody has demonstrated any practical use of the exploit.
* Patches are available for all affected virtualization platforms. 
 
Certainly not of the significance of Heartbleed or FREAK.  While it is important to get vulnerable systems patched as soon as reasonable there is no reason to panic.
 

— Rick Wanner MSISE – rwanner at isc dot sans dot edu – http://namedeplume.blogspot.com/ – Twitter:namedeplume (Protected)


知识来源: www.sec-un.org/venom-does-it-live-up-to-the-hype.html

阅读:116698 | 评论:0 | 标签:信息速递

想收藏或者和大家分享这篇好文章→复制链接地址

“VENOM – Does it live up to the hype?”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

❤人人都能成为掌握黑客技术的英雄⛄️

ADS

标签云