VENOM

Discussion in 'Security' started by Ichiban, May 13, 2015.

  1. Ichiban

    Ichiban Member

    I was wondering if the Virtuozzo product used by Knownhost is affected by the VENOM 0-day.
     
  2. KH-Tyler

    KH-Tyler Super Moderator Staff Member

    Great question Ichiban :)

    There is a lot of chatter on the web right now concerning VENOM however, luckily we are not vulnerable. VENOM, CVE-2015-3456 is a QEMU FDC (floppy disk controller) vulnerability primarily effecting Xen and KVM. Our current virtualization technologies are Virtuozzo and OpenVZ which leaves us unaffected.

    Keep in mind that while controlled execution of arbitrary code is possible there have been no reported exploits. The vulnerability requires root or admin privledges on the guest operating system leaving it unattractive as an attack against the VPS itself. Should VPS users be worried about an attacker targeting their server? Not likely, this is more of a concern for the VPS provider or someone running the virtualization software on a dedicated server.
     
  3. Ichiban

    Ichiban Member

    Thanks, Tyler! I was hoping that was the answer. :)
     

Share This Page