All aboard the VENOM hype train!

So here we go again, time for another major security threat, and this time it’s the “VIRTUALIZED ENVIRONMENT NEGLECTED OPERATIONS MANIPULATION”, aka the VENOM attack. Yes, it has a website, and even a logo! (Creative Commons Attribution-ShareAlike 4.0 International License)

Look at me!

So what is all the fuss about? Well, if you can compromise a Xen or KVM (and QEMU) VM and get it to run code that bangs against the floppy controller, the controller can be hit with a buffer overflow exploit.

Fantastic.

But I know what you are thinking: most people who use KVM run guest OSs that either don’t have floppy drivers, or even explicitly disable the floppy controller. And from the site:

an unrelated bug causes the vulnerable FDC code to remain active and exploitable by attackers.

Oops.

But let’s calm down: first the attacker has to get root-level access on the VM before they can think about doing anything. Of course this is a BIG problem for VM resellers. Hopefully the patches will be available quickly, and they will be moderately disruptive, especially for those of us who still use virtual floppies.

The source patch has been released on the Qemu mailing list right here.

This entry was posted in KVM, qemu, random updates by neozeed.

About neozeed

What is there to tell? I've loved UNIX-like things since I was first exposed to QNX in high school (we had the Unisys ICONS!), and spent the better time of my teenage years trying to get my own UNIX... I should have bought Coherent in retrospect.. Anyways latched onto Linux in 1992, and then got some old BSD admin books and have been hooked on the VAX BSD & other big/ancient things since...!

One thought on “All aboard the VENOM hype train!”

  1. Got my share of “please reboot” mails from the VPS farmers I rent from. Got me wondering how closed the PDP and VAX simulators in simh are as jails after throwing away the CTRL-E key. Maybe time to fire up a few fuzzers and see how well they hold up.
