Catastrophic vulnerability: Venom threat most of the data center-vulnerability warning-the black bar safety net

ID MYHACK58:62201563364
Type myhack58
Reporter 佚名
Modified 2015-06-08T00:00:00


A security research firm alert, referring to a new Bug could allow a hacker from the inside of the ride unscathed in the data center solve most of the machine.

The zero-day vulnerability from the extensive application virtualization software of the traditional General-purpose component that can be exploited by hackers, so that its penetration is connected to the data center network each machine.

Most of the current data center will be the customer(including large technology companies and small company customers)are densely placed on the virtual machine, or multipleoperating systemdensely placed in a single server. Virtualization system designed to share resources, but virtualization system in the host management program is still a separate entity. Virtual machines run by the host management program to fully manipulate. The newly discovered vulnerability named“venom”(Venom), stands for“virtual environment negligent operation of manipulation”(fully Virtualized Environment Neglected Operations Manipulation, abbreviated as Venom), hackers can use the Venom for disabled access to the hypervisor, and thus can also be visit the link in the data center network on all devices.

Venom vulnerability stems from the traditional to the virtual floppy Controller, few people bother with the virtual floppy controller, but if the virtual floppy disk controller received a specially crafted code, the entire virtual machine management program will collapse. So hackers can be from your own virtual machine exceptional access to other machines, including other people or other company-owned machine.

The Bug is in the open source computer emulator QEMU found, initial discovery date is 2 0 0 4 year. Many modern virtualization platforms(such as Xen, KVM and Oracle VirtualBox)are contained within the paragraph there is something wrong with the code.

VMware, Microsoft Hyper-V and Bochs virtual machine management program is not affected.

Vulnerability is CrowdStrike, Jason Geffner found. He said Tuesday in a telephone interview that“millions of virtual machines containing the vulnerability of the platform.”

Venom could be the year find the biggest holes. Discover the vulnerability of the time leaving the year of the infamous Heartbleed vulnerability for more than a year a little bit. The Heartbleed vulnerability affects open-source encryption software OpenSSL, is not bad intentioned people use to get the affected server the data in memory.

Geffner used a metaphor to explain the two vulnerabilities are different,“Heartbleed can allow an opponent through the Windows of the house see the data, and then collect the information. Venom can let a person sneak into a house, and near all of the house.”

Geffner said his company is working with software vendors, to on Wednesday announced the vulnerability before the patch is good vulnerability. Since many companies have their own hardware and software, so thousands of affected customers in the patch when without offline.

He said that at present the biggest problem is some companies run a system cannot be automatically patched.

Hack if you want to use Venom vulnerability, then it must be the higher authority or“root”privileges into a virtual machine. Geffner give everyone a reminder, he said, from a cloud computing service provider that renting a virtual machine used to attack the hypervisor, it is a very simple matter.

Geffner said,“as to have to engage in things the fall of the virtual machine management program can do, it will be executed in the network layout.” The implication: to hijack the entire data center is possible.

Dan Kaminsky is a senior security experts, engaged in security research. He said in a e-mail said, the Venom the Bug for more than a decade did not cause people's attention, the reason is who will not on the traditional disk drive system of glance on glance. And almost every virtualization software has precisely contain the traditional magnetic Disk Drive Systems.

Kaminsky said,“running a cloud system people really want the patch to handle the Bug. Should not be too headache, because those may be the system impact of the large suppliers are already on the vulnerability to take the measures.”

Due to the Venom the Bug is in the CrowdStrike company inside found, anecdotal and non-disclosed code can be used to attack. Geffner said that the use of Venom vulnerability to attack is not difficult, but successful development can be to use malicious code to“struggle to find” it.

Venom vulnerability in late April after the disclosure, a public company with nearly two weeks to the affected system patched.

Rackspace the company in an emailed statement said that Rackspace was told its part of the cloud server is affected, Rackspace also said its system has been hit a patch.

Developed VirtualBox of Oracle in an e-mail statement, Oracle“knows”that the problem exists, has been fixed the code, and that Oracle will soon release a maintenance update.

Oracle software head Frank Mehnert said,“We will soon publish the VirtualBox 4.3 maintenance version. In addition, the affected number of users is limited because most of the standard virtual machine's configuration to disable the floppy disk device simulation.”

Oracle spokesman declined to comment.

The Linux Foundation is responsible for the Xen project. Its spokesman declined to detail to comment, but said it has released a security announcement.