oss-sec mailing list archives
Re: VENOM - CVE-2015-3456
From: Solar Designer <solar () openwall com>
Date: Wed, 13 May 2015 23:57:20 +0300
On Wed, May 13, 2015 at 12:22:19PM +0000, Jason Geffner wrote:
VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms.
Some bits of contemporary history, off Twitter: <nelhage> All I have to say about VENOM is that I was exploiting obsolete hardware in qemu years before it was cool. https://blog.nelhage.com/2011/08/breaking-out-of-kvm/ <solardiz> @nelhage I think @taviso was there first, with emulated Cirrus Logic VGA (CVE-2007-1320) and NE2000 vulns in QEMU. http://taviso.decsystem.org/virtsec.pdf Alexander
Current thread:
- VENOM - CVE-2015-3456 Jason Geffner (May 13)
- Re: VENOM - CVE-2015-3456 Solar Designer (May 13)
- Re: VENOM - CVE-2015-3456 Sebastian Pipping (May 13)
- RE: VENOM - CVE-2015-3456 Jason Geffner (May 13)
- Moving in the wrong direction [was: Re: VENOM - CVE-2015-3456] mancha (May 14)
- RE: VENOM - CVE-2015-3456 Jason Geffner (May 14)
- Re: VENOM - CVE-2015-3456 Solar Designer (May 13)
- Re: VENOM - CVE-2015-3456 Marcus Meissner (May 13)
- Re: VENOM - CVE-2015-3456 Solar Designer (May 13)