Re: OpenSSL Heartbeat exploit agains KVM guest systems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08.04.2014 15:11, James B. Byrne wrote:
> Is it possible to use this exploit against a kvm guest to read memory 
> used by
> the host?  In other words: if an exploitable service, say httpd with 
> mod_ssl,
> is running in guest system 'vm1' hosted on system 'virthost' then what
> implications does that have with respect to guests vm2 and vm3 and to 
> virthost
> itself?

I don't think your other VMs would be in any danger.
This is a classic example where you can say virtualisation can be used 
safely and where the technology is better than mere "containers" which 
would arguably put you in a bad spot.

Imagine that is if a silly OpenSSL exploit could access the physical 
host, what a full fledged program could do. This is not the case, 
clearly; it would mean Google Compute Engine (and all KVM providers) 
would suddenly be pwned.

Lucian

-- 
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro
_______________________________________________
CentOS-virt mailing list
CentOS-virt@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos-virt




[Index of Archives]     [CentOS Users]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [X.org]     [Xfree86]     [Linux USB]

  Powered by Linux