[CentOS-virt] OpenSSL Heartbeat exploit agains KVM guest systems
Nux!
nux at li.nux.ro
Tue Apr 8 14:32:33 UTC 2014
On 08.04.2014 15:11, James B. Byrne wrote:
> Is it possible to use this exploit against a kvm guest to read memory
> used by
> the host? In other words: if an exploitable service, say httpd with
> mod_ssl,
> is running in guest system 'vm1' hosted on system 'virthost' then what
> implications does that have with respect to guests vm2 and vm3 and to
> virthost
> itself?
I don't think your other VMs would be in any danger.
This is a classic example where you can say virtualisation can be used
safely and where the technology is better than mere "containers" which
would arguably put you in a bad spot.
Imagine that is if a silly OpenSSL exploit could access the physical
host, what a full fledged program could do. This is not the case,
clearly; it would mean Google Compute Engine (and all KVM providers)
would suddenly be pwned.
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
More information about the CentOS-virt
mailing list