oss-sec mailing list archives

Re: VENOM - CVE-2015-3456


From: Marcus Meissner <meissner () suse de>
Date: Wed, 13 May 2015 23:20:40 +0200

On Wed, May 13, 2015 at 11:57:20PM +0300, Solar Designer wrote:
> On Wed, May 13, 2015 at 12:22:19PM +0000, Jason Geffner wrote:
> > VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer
> > virtualization platforms.
>
> Some bits of contemporary history, off Twitter:
>
> <nelhage> All I have to say about VENOM is that I was exploiting obsolete hardware in qemu years before it was cool.
> https://blog.nelhage.com/2011/08/breaking-out-of-kvm/
> <solardiz> @nelhage I think @taviso was there first, with emulated Cirrus Logic VGA (CVE-2007-1320) and NE2000 vulns
> in QEMU.  http://taviso.decsystem.org/virtsec.pdf

Yeah, we fixed a lot of them, some less, some more exploitable.

As I had some confusion about whether the fdc is disabled or not with
-nodefaults, I wrote a small PoC.

(and no, -nodefaults does not disable the fdc)

Ciao, Marcus

Attachment: xx.c
Description:
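The point Marcus makes above (that -nodefaults does not remove the floppy controller) leaves an operator with an inventory question: which running guests actually carry an fdc device? One way to answer it is to dump the guest's device tree from the QEMU monitor (`info qtree`) and look for a floppy controller in it. The script below is an added example and is not code from the original post, from QEMU or from SUSE; the qtree excerpt it parses is constructed to resemble monitor output for a pc machine type, and the device names `isa-fdc` and `sysbus-fdc` are the QEMU type names the check looks for. The parser only relies on the `dev: <name>, id "<id>"` and `bus: <name>` line shapes, so it tolerates extra property lines.

```python
"""Check a QEMU 'info qtree' dump for a floppy disk controller.

Added example, not code from the original post or from QEMU. The sample
dump below is constructed to approximate 'info qtree' output from a QEMU
pc machine; real output carries more properties, so the parser relies
only on the 'dev: <name>, id "<id>"' and 'bus: <name>' line shapes.
"""
import re

# Constructed sample, approximating the monitor's "info qtree" output
# for a pc machine started with -nodefaults (no floppy image attached).
SAMPLE_QTREE = """\
bus: main-system-bus
  type System
  dev: i440FX-pcihost, id ""
    bus: pci.0
      type PCI
      dev: PIIX3, id ""
        bus: isa.0
          type ISA
          dev: isa-fdc, id ""
            iobase = 1008 (0x3f0)
            irq = 6 (0x6)
            bus: floppy-bus.0
              type floppy-bus
          dev: i8042, id ""
      dev: piix3-ide, id ""
      dev: PIIX4_PM, id ""
"""

DEV_LINE = re.compile(r'^(?P<indent>\s*)dev: (?P<name>[^,]+), id "(?P<id>[^"]*)"')
BUS_LINE = re.compile(r'^(?P<indent>\s*)bus: (?P<name>\S+)')

# QEMU device type names for floppy controllers; anything else whose
# name contains "fdc" is reported as well, to be conservative.
FDC_NAMES = {"isa-fdc", "sysbus-fdc"}


def parse_devices(qtree_text):
    """Return (device_name, id, bus_path) tuples from an info qtree dump.

    Bus nesting is recovered from indentation: a bus or device line at a
    given indent closes every bus that was opened at the same or a deeper
    indent.
    """
    devices = []
    bus_stack = []  # list of (indent, bus_name)
    for line in qtree_text.splitlines():
        m = BUS_LINE.match(line)
        if m:
            indent = len(m.group("indent"))
            while bus_stack and bus_stack[-1][0] >= indent:
                bus_stack.pop()
            bus_stack.append((indent, m.group("name")))
            continue
        m = DEV_LINE.match(line)
        if m:
            indent = len(m.group("indent"))
            while bus_stack and bus_stack[-1][0] >= indent:
                bus_stack.pop()
            path = "/".join(name for _, name in bus_stack)
            devices.append((m.group("name"), m.group("id"), path))
    return devices


def find_fdc(qtree_text):
    """Return the floppy controller devices found, with their bus path."""
    return [d for d in parse_devices(qtree_text)
            if d[0] in FDC_NAMES or "fdc" in d[0].lower()]


def has_fdc(qtree_text):
    """True if the guest's device tree contains a floppy controller."""
    return bool(find_fdc(qtree_text))


if __name__ == "__main__":
    for name, dev_id, path in find_fdc(SAMPLE_QTREE):
        print(f"floppy controller present: {name} (id={dev_id!r}) on {path}")
```

Run against the constructed sample it reports `isa-fdc` hanging off `main-system-bus/pci.0/isa.0`, which is exactly the situation the post describes: no floppy image, -nodefaults given, controller still present. Feed it a real dump captured from a guest's monitor to check whether a given machine type or command line actually leaves the fdc out; the patched QEMU remains the fix either way, this only tells you which guests are exposed.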