[PVE-User] Venom exploit?

Benjamin Redling benjamin.rampe at uni-jena.de
Fri May 15 11:35:34 CEST 2015


Hi everyone,

this mail didn't find its way to the list at first:

On 2015-05-14 07:39, Iosif Peterfi wrote:
> Does this bug affect Proxmox? As far as I'm aware, there's no option to
> add a Floppy device to the VMs, not through the GUI at least.

I don't know why the Ars Technica article got linked _first_, instead of
the CrowdStrike site:
http://venom.crowdstrike.com/

There it says:
"
For many of the affected virtualization products, a virtual floppy drive
is added to new virtual machines by default. And on Xen and QEMU, even
if the administrator explicitly disables the virtual floppy drive, an
unrelated bug causes the vulnerable FDC code to remain active and
exploitable by attackers.
"

At least the article on Ars Technica provides further information on how to
mitigate the risks when patching is not immediately possible.

Regards,
Benjamin


> On Wed, May 13, 2015 at 11:35 PM, Laurent Dumont <admin at coldnorthadmin.com> wrote:
>
>> You have to love the names they come up with for CVEs now. I guess marketing
>> really works after all.
>>
>> There seems to be a patch in the works for pve.
>>
>> http://pve.proxmox.com/pipermail/pve-devel/2015-May/015123.html
>>
>>
>> On 5/13/2015 4:14 PM, Paul Gray wrote:
>>
>>>
>>> http://arstechnica.com/security/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/
>>>
>>> Apologies if this has been touched upon elsewhere, but has this been
>>> addressed?
>>>
>>> -PG
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user at pve.proxmox.com
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>
>>
>> --
>> Laurent Dumont
>> coldnorthadmin.com
>>

-- 
FSU Jena | JULIELab.de/Staff/Benjamin+Redling.html
vox: +49 3641 9 44323 | fax: +49 3641 9 44321
