VENOM
From HandWiki
VENOM (short for Virtualized Environment Neglected Operations Manipulation[1]) is a computer security flaw that was discovered in 2015 by Jason Geffner, then a security researcher at CrowdStrike.[2] The flaw was introduced in 2004 and affected versions of QEMU, Xen, KVM, and VirtualBox from that date until it was patched following disclosure.[3][4]
The existence of the vulnerability was due to a flaw in QEMU's virtual floppy disk controller.[5]
VENOM is registered in the Common Vulnerabilities and Exposures database as CVE-2015-3456.[6]
References
- ↑ Richard A. Clarke; Robert K. Knake (2019). The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats. Penguin. pp. 320–. ISBN 978-0-525-56197-2. https://books.google.com/books?id=ADx0DwAAQBAJ&pg=PA320.
- ↑ "VENOM Vulnerability". http://venom.crowdstrike.com/.
- ↑ Whittaker, Zack (May 13, 2015). "Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters". http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/. Retrieved 11 November 2017.
- ↑ Dan Goodin (May 14, 2015). "Extremely serious virtual machine bug threatens cloud providers everywhere". Ars Technica. https://arstechnica.com/information-technology/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/. Retrieved 11 November 2017.
- ↑ Stone, Jeff (May 14, 2015). "Venom Security Flaw: Bug Exploits Floppy Drive, But Researchers Say Threat Overstated". International Business Times (IBT Media). http://www.ibtimes.com/venom-security-flaw-bug-exploits-floppy-drive-researchers-say-threat-overstated-1922070. Retrieved 11 November 2017.
- ↑ Marc Dacier; Michael Bailey; Michalis Polychronakis; Manos Antonakakis (2017). Research in Attacks, Intrusions, and Defenses: 20th International Symposium, RAID 2017, Atlanta, GA, USA, September 18–20, 2017, Proceedings. Springer. pp. 422–. ISBN 978-3-319-66332-6. https://books.google.com/books?id=I6Q5DwAAQBAJ&pg=PA422.
 |  |
