Discussion in 'Security' started by Ichiban, May 13, 2015.
I was wondering if the Virtuozzo product used by Knownhost is affected by the VENOM 0-day.
Great question Ichiban
There is a lot of chatter on the web right now concerning VENOM however, luckily we are not vulnerable. VENOM, CVE-2015-3456 is a QEMU FDC (floppy disk controller) vulnerability primarily effecting Xen and KVM. Our current virtualization technologies are Virtuozzo and OpenVZ which leaves us unaffected.
Keep in mind that while controlled execution of arbitrary code is possible there have been no reported exploits. The vulnerability requires root or admin privledges on the guest operating system leaving it unattractive as an attack against the VPS itself. Should VPS users be worried about an attacker targeting their server? Not likely, this is more of a concern for the VPS provider or someone running the virtualization software on a dedicated server.
Thanks, Tyler! I was hoping that was the answer.
Separate names with a comma.