Security vulnerability - VENOM - CVE-2015-3456 - QEMU/XEN/KVM

Description:

VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems. For more information, please read the following article (source) http://venom.crowdstrike.com/

Who is vulnerable:

QEMU: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
Xen Project: http://xenbits.xen.org/xsa/advisory-133.html
Red Hat: https://access.redhat.com/articles/1444903
Citrix: http://support.citrix.com/article/CTX201078Debian: https://security-tracker.debian.org/tracker/CVE-2015-3456
Suse: https://www.suse.com/support/kb/doc.php?id=7016497

 

Resolution:

For CentOS/RedHat:

# yum clean all
# yum update

 

For Debian/Ubuntu:

$ sudo apt-get clean
$ sudo apt-get update
$ sudo apt-get upgrade

 

General

The emulated floppy seems to be loaded by default in QEMU and KVM. You can disable the floppy support and start QEMU without floppy emulation while enabling VGA (and/or any other options):

$ qemu -nodefaults -vga std ...


On CentOS/RedHat, you can also manage the virtual machines with libvirt.
See libvirt documention.

 

External references:

http://venom.crowdstrike.com/
http://www.cyberciti.biz/faq/cve-2015-3456-patch-venom-on-debian-ubuntu-fedora-centos-rhel-linux/
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
http://xenbits.xen.org/xsa/advisory-133.html
https://access.redhat.com/articles/1444903
http://support.citrix.com/article/CTX201078Debian: https://security-tracker.debian.org/tracker/CVE-2015-3456
https://www.suse.com/support/kb/doc.php?id=7016497

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk