[CentOS] OpenSSL Heartbeat exploit agains KVM guest systems
Matthew Miller
mattdm at mattdm.orgTue Apr 8 14:39:46 UTC 2014
- Previous message: [CentOS] OpenSSL Heartbeat exploit agains KVM guest systems
- Next message: [CentOS] How to save a Gnome screen layout on CentOS 6.5 after logging off?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Apr 08, 2014 at 10:11:32AM -0400, James B. Byrne wrote: > Is it possible to use this exploit against a kvm guest to read memory used by > the host? In other words: if an exploitable service, say httpd with mod_ssl, > is running in guest system 'vm1' hosted on system 'virthost' then what > implications does that have with respect to guests vm2 and vm3 and to virthost > itself? As I understand it, no. In fact, the memory read doesn't even cross normal *memory protections within* the VM -- this is not a kernel exploit. -- Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
- Previous message: [CentOS] OpenSSL Heartbeat exploit agains KVM guest systems
- Next message: [CentOS] How to save a Gnome screen layout on CentOS 6.5 after logging off?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list