[CentOS-virt] OpenSSL Heartbeat exploit agains KVM guest systems

Tue Apr 8 14:11:32 UTC 2014
James B. Byrne <byrnejb at harte-lyne.ca>

Is it possible to use this exploit against a kvm guest to read memory used by
the host?  In other words: if an exploitable service, say httpd with mod_ssl,
is running in guest system 'vm1' hosted on system 'virthost' then what
implications does that have with respect to guests vm2 and vm3 and to virthost

***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3