
What you need to know about 'Venom', billed Heartbleed 2 by some

By James Walker     May 14, 2015 in Technology
An "extremely critical" bug has been found in virtualisation software relied on by web hosts across the Internet. It has been named "Venom", and some have been calling it "Heartbleed 2.0" as it could allow an attacker to gain access to the entire contents of a server.
Ars Technica reports how the critical exploit would allow attackers to gain access to every file on a web server. Web hosts typically give each new user a protected virtual environment that acts as though it is its own server, but in reality it is running from one physical server.
"Venom" would allow an attacker to escape their own virtual zone and break into the main server. From there, they could create absolute chaos for the web host, deleting whole sites from the server, changing privileges or just sifting through data stored in the virtual environments of other users.
In great exploit-finding spirit, the major bug is caused by an archaic form of deprecated technology: a virtual floppy disk controller built by virtual machine provider QEMU. This driver is also used in virtualisation platforms from several other major companies, including Xen and KVM.
The Venom exploit would allow hackers to gain access to an entire cloud web server
CrowdStrike
The details of the issue are relatively straightforward, which led to a fix being provided by QEMU and Xen within hours of the publication of the report, created by security firm CrowdStrike. The vulnerability was discovered by Jason Geffner, Senior Security Researcher, during a review of virtual machine system security. Other cloud platforms including Red Hat, Citrix and DigitalOcean have also all now provided fixes.
CrowdStrike described Venom in simple terms in its report, saying that the vulnerability "may allow an attacker to escape from the confines of an affected virtual machine guest and potentially obtain code-execution access to the host."
It is unknown whether Venom has ever been exploited in the past. With the issue now safely fixed by all of the key providers, it is up to system administrators to ensure that their virtual machines are updated if affected.
Venom was initially compared to Heartbleed by several journalists online, but in reality it is substantially different and less serious. Heartbleed allowed anybody to remotely read the memory of OpenSSL systems used to send data securely over the internet, while Venom exists on web hosts and in data centres and requires an attacker to have access to a virtual environment on the server before carrying out the exploit.