According to the security advisory, the attackers can trigger the VENOM vulnerability by sending commands and specially crafted parameter data from the guest system to the vulnerable Floppy Disk Controller to cause the data buffer overflow and execute arbitrary code in the context of the host’s hypervisor process. The flaw is very dangerous because attackers could exploit it against a wide array of virtual machines, it is triggerable on default configurations, and would allow the arbitrary code execution.When considering on Linux guest machine, an attacker would need to have either root access or elevated privilege. However on Windows guest, practically anyone would have sufficient permissions to access the FDC.
Experts consider VENOM different from other vulnerabilities in the past that effect virtualized environments, since it exists in the hypervisor’s codebase it is independent from the specific host operating system (Linux, Windows, Mac OS, etc.).
The experts urge the administrators of a system running Xen, KVM, or the native QEMU client, to assess their system and apply the latest patches provided by their vendors. It is important to operate following the instructions provided by vendors verifying the application for the last VENOM patch.
%2Bdork%2Blist%2Binfosec%2Baffairs.png)
No comments:
Post a Comment