VENOM – QEMU vulnerability – CVE-2015-3456

The VENOM vulnerability, also known as the QEMU exploit, is a recent vulnerability reported on May 13, 2015. It was discovered by Jason Geffner while performing a security review of virtual machine hypervisors.

VENOM stands for “Virtualized Environment Neglected Operations Manipulation”.

VENOM affects QEMU, an open source machine emulator. The vulnerability, CVE-2015-3456, resides in the virtual floppy disk controller (FDC) code used by the virtualization platforms. If exploited, it allows an attacker to gain full control of the operating system hosting the virtual machines, as well as the other guest VMs running on the same host machine.


If this issue is not mitigated, a virtual machine escape through it could open access to the host system and all other VMs running on that host, potentially giving elevated access to the host’s local network and adjacent systems running on the network.

Generally, to eliminate the possibility of exploitation, proceed with the following.

To install the updates using the yum package manager, execute the command given below.

yum update

To update the QEMU package and its dependencies alone, execute the command given below.

yum update qemu-kvm
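
A follow-up check for the update steps above, as an added example that is not part of the original article: a QEMU process started before the update keeps executing the old code until the guest is powered off and started again. The function names are hypothetical, and the script assumes a Linux /proc where the exe link of a process ends in " (deleted)" once its binary has been replaced on disk.

```shell
#!/bin/sh
# Added example: list QEMU processes still running a binary that was
# replaced on disk (for instance by "yum update qemu-kvm").
# Assumption: Linux /proc, where readlink on /proc/PID/exe ends in
# " (deleted)" once the original executable file has been replaced.

# stale_qemu_pids [PROC_ROOT]
# Prints one PID per line for each process whose executable path contains
# "qemu" and whose on-disk binary is gone. PROC_ROOT defaults to /proc.
stale_qemu_pids() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads and unreadable entries have no usable exe link.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$exe" in
            *qemu*" (deleted)") echo "${dir##*/}" ;;
        esac
    done
}

# report_stale_qemu [PROC_ROOT]
# Returns 0 when no guest needs a restart, 1 otherwise.
report_stale_qemu() {
    pids=$(stale_qemu_pids "$1")
    if [ -z "$pids" ]; then
        echo "No QEMU process is running a replaced binary."
        return 0
    fi
    echo "QEMU processes still running the pre-update binary:"
    for pid in $pids; do
        echo "  PID $pid"
    done
    echo "Power these guests off and start them again to load the updated code."
    return 1
}
```

Call report_stale_qemu as root after the update so that the exe link of every process is readable.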

Load Balancing via Round Robin DNS

Round robin is a balancing mechanism used by DNS servers, usually for sharing network load and managing the load of geographically distributed Web servers. A DNS server that uses the round robin mechanism provides an alternate address for each client request.

Concept:

Suppose you have a domain name and three identical home pages hosted on three servers with three different IP addresses. By using Round Robin DNS, when one user accesses the home page, the request will be sent to the first IP address. The second user who accesses the home page will be sent to the next IP address, and the third user will be sent to the third IP address.
In each case, once an IP address has been used, that particular IP address goes to the end of the list. Therefore, the fourth user will be sent to the first IP address, and so on. Thus, we can distribute the load across several servers with identical configuration.