TechSpot

Venom vulnerability more dangerous than Heartbleed, targets most virtual machines

By Shawn Knight
May 13, 2015
  1.

    Researchers have uncovered a new bug that’s much more dangerous than last year’s Heartbleed vulnerability. Venom, short for Virtualized Environment Neglected Operations Manipulation, could allow an attacker to infiltrate a datacenter and take over its entire network.

    As ZDNet notes, most datacenters use virtual machines to segregate customers, allowing the admins to run multiple instances on a single server. The virtual machines all share resources but operate as separate entities in the host hypervisor, which is responsible for powering the virtual machines.

    Venom allows a bad actor to escape their own virtual machine and access others on the network.

    Discovered by Jason Geffner from security firm CrowdStrike, the zero-day vulnerability dates back to 2004 and is caused by a legacy floppy disk controller that, when sent a specific string of code, can crash the hypervisor.

    A number of modern virtualization platforms such as KVM, VirtualBox and Ken are all vulnerable. Datacenters running Bochs hypervisors, Microsoft Hyper-V and VMware are safe. Geffner told the publication in a phone interview that millions of virtual machines are using one of the vulnerable platforms.

    How bad is it compared to Heartbleed?

    The security researcher said Heartbleed lets a hacker look through a window of a house and gather information based on what they see. Continuing the analogy, he added that Venom allows a bad actor to break into a house and then do the same to every other house in the neighborhood.

    Dan Kaminsky, a well-known security researcher, said the bug went unnoticed for so long simply because hardly anyone bothered to look at the legacy disk drive system.

    The good news is that because the flaw was found in-house at CrowdStrike, there’s no publicly known code to exploit it, which will give companies some lead time in resolving the bug and issuing patches.

     
  2. scorpian007

    scorpian007 TS Enthusiast Posts: 52   +18

    I'd imagine most datacenters would be using VMware or Hyper-V
     
  3. war59312

    war59312 TS Booster Posts: 117

    Indeed, running VMware we are. Glad it was not hit by this.
     
  4. scorpian007

    scorpian007 TS Enthusiast Posts: 52   +18

    If VMware was affected, this would be a really huge deal. Outside of VirtualBox, haven't even heard of the others.
     
  5. Mo Ali

    Mo Ali TS Rookie

    "A number of modern virtualization platforms such as KVM, VirtualBox and Ken are all vulnerable."

    I think you mean Xen, not Ken.
     
  6. RebelFlag

    RebelFlag TS Addict Posts: 135   +67

    No, you know Ken, the guy who works at the data center down the street......:)P
     
