BEST OF THE WEB

Venom bug bites several virtualization platforms, patching needed

The bite caused by a bug found in many virtualization platforms may not be as severe as first thought, according to a news report.

On Wednesday, a California vendor of endpoint security products called CrowdStrike released details on a vulnerability (CVE-2015-3456) it dubbed Venom, a hole in the floppy drive emulation code used by many virtualization platforms including XEN, KVM, QEMU, and VirtualBox.

The initial headlines were alarming. However, at least ond site says the bug can’t easily be exploited.

CSO Online quoted several security experts noting that an attacker has to have administrative privileges. In addition, the bug doesn’t affect VMware, Microsoft Hyper-V, and Bochs hypervisors, nor any applications running on Amazon’s AWS platform.

Patches for many platforms have been or are about to be released. Among those out already are from Xen Project, Citrix, FireEye, QEMU, Red Hat, Suse and Ubuntu Linux, and F5.

“It’s serious, but not Heartbleed serious. There are no known in-the-wild attacks and a patch is available,” Karl Sigler, threat intelligence manager at Trustwave, is quoted as saying.

Tod Beardsley, Research Manager at Rapid7, is also quoted as saying those most affected run or subscribe to hosted VPS services.

Crowdstrike says Venom may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. On Xen and QEMU, the vendor says, even if the administrator explicitly disables the virtual floppy drive, an unrelated bug causes the vulnerable FDC code to remain active and exploitable by attackers.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web