Venom

Vulnerability ‘Venom’ Affects Millions of Servers, Allows Access to Entire Data Center Network

Millions of servers are affected by the security flaw discovered Wednesday by Jason Geffner, a senior security researcher at CrowdStrike. Named ‘Venom’, an acronym for “Virtualized Environment Neglected Operations Manipulation”, this vulnerability allows access to a host machine that can allow code execution and gives criminals the ability to escape the confines of an assigned virtual machine to wreak havoc on others.

“Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems,” according to the report. This could allow a hacker using this vulnerability to access the entire network in a data center or all clients hosted by a particular provider.

Many data centers utilize hypervisor technology to power virtual machines, allowing them to host multiple operating systems on one single server, sharing resources yet remaining separate. Venom allows an attacker to access the entire hypervisor and every other device connected to the network.

“Heartbleed lets an adversary look through the window of a house and gather information based on what they see,” Geffner told ZDNet. “Venom allows a person to break in to a house, but also every other house in the neighborhood as well.”

The ability to affect a wider range makes Venom much more dangerous than Heartbleed, Shellshock or Poodle, all discovered last year.

Many virtualization platforms used by hosting providers have this vulnerability in the virtual floppy drive code. Even though floppy drives are basically obsolete, a virtual floppy drive is added to new virtual machines by default. “…[E]ven if the administrator explicitly disables the virtual floppy drive, an unrelated bug causes the vulnerable FDC code to remain active and exploitable by attackers,” said the report.

This virtual floppy drive code is on millions of virtual machines. Before the security flaw was disclosed publicly on Wednesday, CrowdStrike worked with software makers to help patch the bug in late April.

“As the bug was found in-house at CrowdStrike, there is no publicly known code to launch an attack,” reported ZDNet. “Geffner said the vulnerability can be exploited with relative ease, but said developing the malicious code was ‘not trivial.’”

The report recommends that “If you administer a system running Xen, KVM, or the native QEMU client, review and apply the latest patches developed to address this vulnerability.”

About the Author

Cheryl Kemp is the Director, Community and Conference Content for Penton Technology. She leads the efforts for conference content, including speaker recruitment, advisory boards and programming for Penton Technology channel events, as well as channel e-learning. She attended the University of Cincinnati and holds a degree in Psychology. You can find her on Twitter and Google+.
