VENOM Vulnerability - Thoughts?

the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
I was actually surprised that I hadn't heard about this till today from a coworker. After reading up it's not possible to remotely scan for it or to remotely execute it so I'm not worried too much. Plus there are patches for the affected software and VMWare along with Microsoft aren't vulnerable. Will it keep you up at night or just a little over blown?
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • BlackBeretBlackBeret Member Posts: 684 ■■■■■□□□□□
    I'm running VMWare so it doesn't keep me up at night. It's realistically only going to affect a small number of targets, but on those it could have serious affects. The main concern is that in data centers that use affected software anyone could spin up a VM that they have root/sys on and exploit it. All you need is one good target.
  • ramrunner800ramrunner800 Member Posts: 238
    I think this could have been incredibad but Crowdstrike said they disclosed the vuln to vendors two weeks prior to public disclosure, which seems pretty responsible of them. This is why it was possible for vendors to patch everything up before exploits made it into the wild. Given how commonly platforms like KVM are used, it could have been so much worse. VM escapement attacks on things like AWS? Scary to think about. That said, I don't think there's too much to worry about at this point.
    Currently Studying For: GXPN
  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    Yeah I did a lot of research on it and felt it was overblown a bit. I do know that it was reported that AWS doesn't appear to be susceptible to it. But as stated, everyone has a patch for it so things should be good to go.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • joehalford01joehalford01 Member Posts: 364
    I think the hype has more to do with the fears of the "cloud" being actualized. Feeds the paranoia.
  • beadsbeads Senior Member Member Posts: 1,506 ■■■■■■■■■□
    Venom isn't all that scary if your talking VMware. Other VM products - possibly. The
    "Logjam" vulnerability affecting about 9% of all websites? Now, that one has some sharp teeth.

    -b/eads
  • --chris----chris-- Member Posts: 1,516 ■■■■■□□□□□
    the_Grinch wrote: »
    Yeah I did a lot of research on it and felt it was overblown a bit. I do know that it was reported that AWS doesn't appear to be susceptible to it. But as stated, everyone has a patch for it so things should be good to go.

    This^. I spent 30 minutes reading into it, from what I gather you need to have root access on a VM that is hosted on the same physical host. Then the target VM needs the virtual floppy drive enabled (which apparently isn't that uncommon). Then there was one more consideration beyond that that would then potentially allow remote execution of code.

    I don't have years of expertise to back this up, but it does not seem to have the same potential as a "heart bleed" type of vuln.

    AWS says they were never vulnrable to this:
    XSA Security Advisory CVE-2015-3456

    Digital Ocean says they fixed it pronto:
    https://www.digitalocean.com/company/blog/update-on-CVE-2015-3456/


  • ramrunner800ramrunner800 Member Posts: 238
    --chris-- wrote: »
    AWS says they were never vulnrable to this:
    XSA Security Advisory CVE-2015-3456

    Amazon doesn't say they were never vulnerable. Amazon says that on the day of public disclosure there was no risk to customer data. Amazon received notice of the vulnerability 2 weeks before the public did, and had plenty of time to patch. I've learned the hard way that you need to read security information precisely.
    Currently Studying For: GXPN
Sign In or Register to comment.