
Venom Vulnerability

Posted in Webhosting News on May 19, 2015

WHAT IS VENOM? HOW DOES IT AFFECT YOUR VIRTUAL MACHINE?

 

VENOM ("Virtualized Environment Neglected Operations Manipulation")

 

VENOM is a new security threat present in the virtual floppy drive code that is installed by default and used by many computer virtualization platforms. By default this vulnerability is present in Xen/KVM hypervisors, where it enables a network attacker to modify the data saved in the virtual machine guests and gain all the access privileges of the host machine and the VM guests connected to that network.

When a guest virtual machine sends commands with data parameters to the host machine's floppy disk controller, they are stored in a fixed-size buffer and processed accordingly. Once all the commands have executed successfully, the buffer is cleared. If the buffer contains defective commands that cannot be processed further, the buffer is not reset.

Because network attackers can be connected to the host machine as rented VM guests, they can take advantage of this situation. The attackers send commands that trigger the vulnerability, containing modified data parameters, to the floppy disk controller. The attackers then have complete access to the guest VM and can cause the controller's buffer to overflow, which results in the VENOM vulnerability in the guest VM. Data can be modified and hosted on the same affected machine by the attackers.
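The buffer handling described above can be shown with a simplified model, added here as an example; it is not code from Xen, KVM or any other hypervisor. The buffer size, the opcode and every name in it are assumptions, and the flawed mode only counts the writes that would fall outside the buffer instead of performing them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIFO_SIZE     16    /* assumed buffer size for this model */
#define CMD_KNOWN     0x01  /* hypothetical opcode: command byte + 3 parameters */
#define CMD_KNOWN_LEN 4

struct fdc_model {
    uint8_t fifo[FIFO_SIZE];
    size_t pos;       /* next write index into fifo */
    size_t expected;  /* length of the command in progress, 0 if unrecognised */
    size_t rejected;  /* bytes refused by the bounds check (hardened mode) */
    size_t oob;       /* writes that would land outside fifo (flawed mode) */
};

/* One guest write to the controller's data port. */
static void fifo_write(struct fdc_model *c, uint8_t byte, int hardened)
{
    if (c->pos >= FIFO_SIZE) {
        if (hardened) { c->rejected++; c->pos = c->expected = 0; } /* refuse, reset */
        else          { c->oob++; c->pos++; }  /* flaw: index is never checked */
        return;
    }
    c->fifo[c->pos++] = byte;
    if (c->pos == 1)
        c->expected = (byte == CMD_KNOWN) ? CMD_KNOWN_LEN : 0;
    if (c->expected != 0 && c->pos == c->expected)
        c->pos = c->expected = 0;  /* command complete: buffer is reset */
}

/* Replay a byte stream; returns out-of-bounds writes, stores refused bytes. */
static size_t replay(const uint8_t *in, size_t n, int hardened, size_t *rejected)
{
    struct fdc_model c;
    memset(&c, 0, sizeof c);
    for (size_t i = 0; i < n; i++)
        fifo_write(&c, in[i], hardened);
    *rejected = c.rejected;
    return c.oob;
}

int main(void)
{
    uint8_t bad[40];
    size_t rej;
    memset(bad, 0xFF, sizeof bad);  /* constructed input: unrecognised command */
    size_t flawed = replay(bad, sizeof bad, 0, &rej);
    size_t fixed = replay(bad, sizeof bad, 1, &rej);
    printf("flawed oob=%zu, hardened oob=%zu rejected=%zu\n", flawed, fixed, rej);
    return 0;
}
```

A stream of recognised commands resets the index after every command in both modes; only the unrecognised stream, which never completes, pushes the index past the end of the buffer.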

ARE SCOPEHOSTS VIRTUAL MACHINES SAFE FROM VENOM?

Yes! ScopeHosts has patched all of its Xen/KVM nodes with updates released by SolusVM. All of our clients' virtual machines are now safe and can be used without any issue.

No security breach was reported by any of our clients related to "VENOM".

This flaw only affects Xen/KVM virtualization. No OpenVZ virtual machines are affected by it.