5/13/2015

VENOM security vulnerability – possible threat to datacenters

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.

On Wednesday, May 13, 2015, a new vulnerability, assigned CVE-2015-3456 and nicknamed VENOM, was published. News agencies broke the story, stating that datacenters are vulnerable and at risk at their core:

“A security research firm is warning that a new bug could allow a hacker to take over vast portions of a datacenter -- from within.” ZDNet (May 13, 2015). 

  1. Digital Edge does not run vulnerable virtualization platforms. 
  2. Digital Edge has a small portion of clients running vulnerable platforms. The Digital Edge security team will be contacting such clients on an individual basis.

Mechanism Analysis:
VENOM is a virtual floppy device vulnerability. A physical host running a hypervisor creates virtual servers and isolates them from each other, prohibiting access from virtual machines to each other, to shared resources, to physical resources and to the hypervisor itself. The vulnerability gives a hacker a possible way to purchase a VM, infect this VM, break out of that jail and propagate from the infected VM through the hypervisor to other VMs on the physical host.

Affected Platforms:

  • Xen
  • KVM
  • QEMU
  • Possibly others using the QEMU virtual Floppy Disk Controller code.

Risk Assessment:
However, while it’s possible that a large number of systems are impacted by this flaw, Digital Edge’s conclusion is that it isn’t something that can be passively exploited. The Digital Edge security team assures that criminal exploitation is possible if:

  1. The platform is vulnerable to VENOM. 
  2. An attacker has root access to the hypervisor, or the administrator himself is malicious.

Otherwise it is something to be aware of but not something to panic over. 

Digital Edge is committed to securing all of its controlled IT infrastructure environments, to advising its IT community about possible vulnerabilities, newly discovered weaknesses and hacks, and to providing security news and events.

If you feel that you need assistance from the Digital Edge Security team please contact us at support@digitaledge.net

Michael Petrov
Founder, Chief Executive Officer

Michael brings 30 years of experience as an information architect, optimization specialist and operations advisor. His experience includes extensive high-profile project expertise, such as mainframe and client-server integration for Mellon Bank, extranet systems for Sumitomo Bank, and architecture and processing workflow for the alternative investment division of US Bank. Michael possesses advanced knowledge of security standards such as ISO 27001, NIST, SOC and PCI, which he brings into any solutions delivered by Digital Edge. Security solutions and standards are expanded into public clouds such as AWS and Azure.