VENOM Vulnerability Threatens Virtual Machines (Updated)
Today the VENOM (Virtualized Environment Neglected Operations Manipulation) vulnerability, CVE 2015-3456, was announced. VENOM originates in a legacy virtual floppy disk controller from QEMU. If an attacker sends specially crafted code to the controller, it can crash the hypervisor and allow the attacker to break out of the VM to access other machines. VENOM impacts several popular virtualization platforms that include the QEMU controller, including Xen, KVM, and Oracle’s VirtualBox. Patches for QEMU and Xen are already available. To date, no exploit has been observed in the wild. Other virtual machine platforms such as VMware, Microsoft Hyper-V, and Bochs hypervisors are not affected.
“While we have previously seen VM bugs that require custom configurations,” explained Tenable Strategist Cris Thomas, “they did not allow arbitrary code execution. VENOM is a unique VM sandbox escape that could potentially provide access to other hosts.”
“Even if the floppy disk controller is disabled, VENOM could still affect data centers,” continued Thomas. “Users should patch their QEMU and Xen platforms; users of other systems should contact their vendors to determine when patches will be available.”
New plugins, dashboards and log detections (Updated)
Tenable Network Security has developed new plugins for Nessus®, dashboards for SecurityCenter™ and vulnerability log detections for SecurityCenter Continuous View™ that will help customers identify and remediate this vulnerability on their networks.
| Distribution | Plugin |
|---|---|
| CentOS 5 | 83420, 83421 |
| CentOS 6 | 83418 |
| CentOS 7 | 83419 |
| Debian 7 & 8 | 83422 |
| Oracle Linux 6 | 83444 |
| Oracle Linux 7 | 83445 |
| OracleVM 2.2 | 83484 |
| OracleVM 3.2 | 83483 |
| OracleVM 3.3 | 83482 |
| RHEL 5 | 83429, 83430 |
| RHEL 6 | 83425, 83428 |
| RHEL 7 | 83426, 83427 |
| Scientific Linux 5 | 83457, 83460 |
| Scientific Linux 6 | 83458 |
| Scientific Linux 7 | 83459 |
| Ubuntu 12.04/14.04/14.10/15.04 | 83438 |
A customized SecurityCenter dashboard is available via the feed to monitor, track and remediate critical assets (including QEMU, Xen, KVM and Oracle’s VirtualBox) affected by CVE-2015-3456. The dashboard provides insight on the impact to your environment and the progress of your efforts to remediate the VENOM issue.
The SecurityCenter CV Log Correlation Engine™ now detects CVE-2015-3456 in QEMU, Xen, KVM and Oracle’s VirtualBox via Windows and Linux logs. SecurityCenter CV LCE detections are posted on the plugins page as soon as they are available.
This blog is updated as events warrant.
Related Articles
Auditing Red Hat Enterprise Virtualization (RHEV) with Nessus v6
December 16, 2014There was a time in early 2000 when the word "virtualization" was synonymous with VMware, and rightly so. After all, VMware started the second coming of this revolutionary technology after IBM. But op...
Tenable Network Security Validated for PCI DSS 3.0 for VMware
June 10, 2014Today, we announced that all Tenable solutions have been validated by Coalfire for use in VMware environments for Payment Card Industry Data Security Standard (PCI DSS) version 3.0, the latest version...
New Nessus Configuration Checks Available for Citrix XenServer
November 25, 2013<p>A new compliance plugin is now available for Nessus customers to audit the configuration settings of Citrix XenServer. This new Nessus functionality allows you to harden your infrastructure's virtualization layer, an important component in your organization's security.</p>
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
- Virtualization