Wednesday 13 May 2015

Virtual Floppy Drive Creates Serious Leak In Virtual Machines


Researchers have discovered an eleven year old and serious vulnerability in various virtualization platforms, allowing an attacker to escape from virtual machines. The vulnerability has security Crowd Strike called " Venom got "and is located in the virtual floppy disk controller (FDC) of QEMU. QEMU, which stands for Quick Emulator, is free and open source virtualization software.

The vulnerable code is used by various appliances and virtualization platforms including Xen, KVM and QEMU client. Popular virtualization software such as VMware, Microsoft Hyper-V hypervisor and Bochs is not vulnerable. By using the vulnerability that may escape an attacker out of the virtual machine and then, whether or not to get over the other virtual machines, access to the network. While floppy disks no longer be used, would provide many standard virtualization solutions from a virtual floppy drive.

By attacking the Venom leak can get assailants as Crowd Strike access to intellectual property of companies, as well as sensitive and personally identifiable information. Possibly would be thousands of organizations and millions of users of sensitive virtual machines use risk. The leak would be present in the code since 2004. Yet there are no attacks observed in the wild. To carry out the attack must have an attacker or malware on root or administrator privileges on the host system.

For QEMU Project, Xen Project and Red Hat have now been released security updates. Another solution is to configure the virtual machine hypervisor in a certain way, the impact of the vulnerability can reduce or even prevent altogether. Something Crowd Strike in the advisory explains.

No comments:

Post a Comment