Security Researcher Claims ‘VENOM’ Leaves Millions of Virtual Machines Vulnerable by David Bisson.
From the post:
A security researcher has discovered a new vulnerability that he claims could allow a hacker to infiltrate potentially every machine on a datacenter’s network, leaving millions of virtual machines vulnerable to attack.
According to CrowdStrike Senior Security Researcher Jason Geffner, ‘VENOM’ (CVE-2015-3456), which is an acronym for “Virtual Environment Neglected Operations Manipulation,” is a vulnerability that exists in the floppy disk controller driver for QEMU, an open-source computer emulator known as a hypervisor that is used for managing virtual machines.
…
The vulnerable section of QEMU’s code has been integrated into other virtualization platforms, including Xen, Kernel-based Virtual Machine (KVM), and Oracle VM, potentially leaving hundreds of thousands if not millions of virtual machines susceptible to attacks that exploit the VENOM bug.
Other hypervisors, including VMware, Microsoft Hyper-V, and Bochs, are not affected.
…
A patch is due out tomorrow (March 14th) but example exploit code won’t be posted.
Should not be that hard to work out. You know it is in the floppy code of QEMU. It is an overflow situation, so you identify the data structure in question, create the overflow and decide where you go from there.
If you are dreaming of taking over millions of VMs in data centers, you will need some computer programming skills. If you don’t have those skills, you aren’t doomed as a “hacker,” more news on it way.
PoC for VENOM: https://marc.info/?l=oss-security&m=143155206320935&w=2 Untested, use at your own risk.
Rackspace issues with VENOM Power cycle required for VMs. See the thread for details.
Jason Geffner has posted a full workup of the FDC vulnerability in: VENOM Vulnerability Details.