Sunday 17 May 2015

Oracle Closed Venom Vulnerability In Virtual Box And Linux



This week it was announced that a serious vulnerability is present in various virtualization solutions allow an attacker from a virtual machine can "escape" to then fully take over the guest OS. Many companies would thereby risk.

The vulnerability, which is named " Venom got ", is present in the floppy disk controller (FDC) of QEMU (Quick Emulator). An attacker must therefore have access to the FDC in order to carry out his malicious code within the virtual machine. The vulnerable code is used by various virtualization platforms and appliances, including those from Oracle.

It comes to know different products, as the software giant late. For Oracle Linux, Oracle VirtualBox, Oracle VM and Oracle Virtual Compute Appliance have been updates released to stop the leak. In the case of Oracle Database Appliance, Exadata Database Machine, Exalogic Elastic Cloud and Exalytics In-Memory Machine, which is also likely to be vulnerable, no updates are available yet. The list of patched products in the advisory However, Oracle is continuously updated.

No comments:

Post a Comment