Virtualization Vulnerability Analysis

How to Patch VENOM Vulnerability [CVE-2015-3456] on Linux

Recently a new vulnerability known as VENOM was discovered by Jason Geffner. It is a buffer overflow vulnerability affecting the Floppy Disk Controller (FDC) emulation, and the platforms mostly affected by this FDC bug are virtualization platforms and applications including KVM, VirtualBox, Xen and the native QEMU client.

What is the VENOM security bug (CVE-2015-3456)?
An out-of-bounds memory access flaw was found in the way QEMU’s virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the hosting QEMU process.

How was the Venom vulnerability discovered?
Jason Geffner, CrowdStrike Senior Security Researcher, discovered the vulnerability while performing a security review of virtual machine hypervisors. After verifying the vulnerability, CrowdStrike responsibly disclosed VENOM to the QEMU Security Contact List, Xen Security mailing list, Oracle security mailing list, and the Operating System Distribution Security mailing list on April 30, 2015.

A list of affected Linux distributions:

Ubuntu:

  • Ubuntu (vivid)
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Red Hat:

  • RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x
  • CentOS Linux version 5.x, 6.x and 7.x
  • OpenStack 5 for RHEL 6
  • OpenStack 4 for RHEL 6
  • OpenStack 5 for RHEL 7
  • OpenStack 6 for RHEL 7
  • Red Hat Enterprise Virtualization 3

Debian:

  • Debian Linux code named stretch, sid, jessie, squeeze, and wheezy [and all other distros based on Debian]

SUSE Linux:

  • SUSE Linux Enterprise Server 10 Service Pack 3 (SLES 10 SP3)
  • SUSE Linux Enterprise Server 10 Service Pack 4 (SLES 10 SP4)
  • SUSE Linux Enterprise Server 11 Service Pack 1 (SLES 11 SP1)
  • SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2)
  • SUSE Linux Enterprise Server 11 Service Pack 3 (SLES 11 SP3)
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Expanded Support 5, 6 and 7

 

1. To patch the VENOM vulnerability on Ubuntu Linux, open a terminal and type the following command as the root user.

After applying updates, reboot your virtual machines or system.

2. To patch the VENOM vulnerability on Debian Linux, open a terminal and type the following command as the root user.

3. To patch the VENOM vulnerability on CentOS/RHEL and Fedora Linux, open a terminal and type the following command as the root user.

Then reboot the virtual machines.

4. After applying updates, reboot your virtual machines or hypervisor.
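Updating the package replaces the QEMU binary on disk, but a guest that has not been powered off keeps running in a process started from the old binary. The script below is an added example, not part of the original post: it lists such processes by checking `/proc/<pid>/exe` for the ` (deleted)` marker. The function names and the choice to match `qemu` in the binary path (which does not cover VirtualBox) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: find QEMU processes still executing a binary that a package
# update has replaced on disk. Those guests keep running the old FDC code
# until they are powered off and started again.

# stale_qemu_pids [PROC_ROOT]
# Prints one line per stale process: "<pid> <old binary path>".
# PROC_ROOT defaults to /proc; the parameter exists so the logic can be
# exercised against a constructed directory tree.
stale_qemu_pids() {
    local proc_root="${1:-/proc}" dir pid target
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"
        # /proc/<pid>/exe points at the running binary; the kernel appends
        # " (deleted)" once that file has been unlinked or replaced.
        target="$(readlink "$dir/exe" 2>/dev/null)" || continue
        case "$target" in
            # Assumption: QEMU-based binaries have "qemu" in their path
            # (qemu-system-x86_64, qemu-kvm, ...).
            *qemu*" (deleted)") printf '%s %s\n' "$pid" "${target% (deleted)}" ;;
        esac
    done
    return 0
}

# report_stale_qemu [PROC_ROOT]
# Human-readable summary; returns 1 while guest restarts are still pending.
report_stale_qemu() {
    local stale
    stale="$(stale_qemu_pids "${1:-/proc}")"
    if [ -z "$stale" ]; then
        echo "No QEMU process is running a replaced binary."
        return 0
    fi
    echo "QEMU processes still running the pre-update binary (power-cycle these guests):"
    echo "$stale"
    return 1
}

# Run as root on the hypervisor so every process's exe link is readable.
report_stale_qemu || true
```

A reboot issued from inside the guest usually does not start a new QEMU process, so a guest can still appear in this list until it is fully shut down and started again from the host.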

For more info about Venom bug:

I started blogging around 2011 at #Ubuntupirates, #ProjectX and #pir8geek, I’m currently working as Network/Linux SysAdmin.

I’m a Linux, open-source advocate and interested in network security and InfoSec.
