Experts Say Venom is Serious but No Heartbleed

Security experts have discovered a zero-day vulnerability in the virtual floppy drive code used by many virtualisation platforms; however, experts say it is no Heartbleed.

The vulnerability was discovered by Jason Geffner, a senior security researcher at CrowdStrike. He said it could allow an attacker to escape the confines of an affected virtual machine guest operating system and potentially gain code execution access to the host.

He warned this VM escape could open access to the host system and all other VMs running on that host OS. This could then potentially give attackers privileged access to the host's local network.

Geffner believes exploitation of the Venom vulnerability could allow access to corporate intellectual property and to sensitive and personally identifiable information. That could in turn affect the thousands of organisations and millions of users that rely on affected VMs for the allocation of shared computing resources as well as privacy, security, storage and connectivity.

Even though the vulnerability has existed for more than a decade, security experts say Venom lacks the severity of the Heartbleed vulnerability, which exists in all versions of OpenSSL released between 14th March 2012 and 7th April 2014.

Vice president of research at Veracode Chris Eng said: "The news of the Venom vulnerability is concerning in breadth - similar to what we saw with Heartbleed in terms of the number of products affected - but the severity of this zero-day is not nearly as alarming."

Similarly, Karl Sigler, threat intelligence manager at Trustwave, said that because most corporate virtual environments are isolated from public or anonymous access, they would be protected from future attacks.

He said: "In this regard the attack is very similar to a privilege escalation attack, where the attacker requires an initial foothold before exploitation. I would see this attack typically used to target hosting companies that use virtual environments like [kernel-based virtual machine] KVM. An attacker would purchase a KVM instance then use Venom to breach the hosting machine."
