#1
29th October 2015
J65nko
Xen patches 7-year-old bug that shattered hypervisor security

From http://arstechnica.com/security/2015...isor-security/ :

For seven years, Xen virtualization software used by Amazon Web Services and other cloud computing providers has contained a vulnerability that allowed attackers to break out of their confined accounts and access extremely sensitive parts of the underlying operating system. The bug, which some researchers say is probably the worst ever to hit the open source project, was finally made public Thursday along with a patch.

As a result of the bug, "malicious PV guest administrators can escalate privilege so as to control the whole system," Xen Project managers wrote in an advisory.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#2
30th October 2015
rocket357

Interesting...I seem to have overlooked the CVE number on that one.

Ahh, here's why:


No mention by CVE #.
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.

Last edited by rocket357; 30th October 2015 at 11:24 PM.

virtualization, virtualization security, xen, xen virtualization

Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick