Venom – Virtual Server Bug

A virtual server bug is said to be worse than Heartbleed

In case you were napping, Heartbleed struck web servers’ OpenSSL security last year, opening up the servers’ memory to intruders. There’s a new so-called zero-day vulnerability, only this time the researchers who discovered it say it’s much worse, impacting millions of datacenter machines.

VMware, Microsoft Hyper-V, and Bochs hypervisors are not affected.

The flaw is called Venom, which stands for Virtualised Environment Neglected Operations Manipulation. What does that mean? With the common practice of putting multiple customers into virtual servers, datacenters are set up to share some key tools, but sensitive information remains separated. Thanks to Venom, though, a hacker can gain access to a datacenter’s entire storage network, leaving all of the customers on it vulnerable.

As you might expect, the issue resides in an often ignored virtual floppy disk controller, but when it’s exploited, it’s like opening up a vault of stored info. Many modern virtual systems contain the bug — platforms like Oracle’s VirtualBox, KVM and Xen. The good news is Oracle says it already remedied the issue, and will fix it completely in a forthcoming update.

Read the full article here at ZDNet
