James B. Byrne
2014-Apr-08 14:11 UTC
[CentOS-virt] OpenSSL Heartbeat exploit against KVM guest systems
Is it possible to use this exploit against a kvm guest to read memory used by the host?

In other words: if an exploitable service, say httpd with mod_ssl, is running in guest system 'vm1' hosted on system 'virthost' then what implications does that have with respect to guests vm2 and vm3 and to virthost itself?

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
Nux!
2014-Apr-08 14:32 UTC
[CentOS-virt] OpenSSL Heartbeat exploit against KVM guest systems
On 08.04.2014 15:11, James B. Byrne wrote:
> Is it possible to use this exploit against a kvm guest to read memory
> used by the host? In other words: if an exploitable service, say httpd
> with mod_ssl, is running in guest system 'vm1' hosted on system
> 'virthost' then what implications does that have with respect to guests
> vm2 and vm3 and to virthost itself?

I don't think your other VMs would be in any danger. This is a classic example where you can say virtualisation can be used safely and where the technology is better than mere "containers" which would arguably put you in a bad spot.

Imagine that is if a silly OpenSSL exploit could access the physical host, what a full fledged program could do. This is not the case, clearly; it would mean Google Compute Engine (and all KVM providers) would suddenly be pwned.

Lucian

--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Matthew Miller
2014-Apr-08 14:39 UTC
[CentOS] OpenSSL Heartbeat exploit against KVM guest systems
On Tue, Apr 08, 2014 at 10:11:32AM -0400, James B. Byrne wrote:
> Is it possible to use this exploit against a kvm guest to read memory used by
> the host? In other words: if an exploitable service, say httpd with mod_ssl,
> is running in guest system 'vm1' hosted on system 'virthost' then what
> implications does that have with respect to guests vm2 and vm3 and to virthost
> itself?

As I understand it, no. In fact, the memory read doesn't even cross normal *memory protections within* the VM -- this is not a kernel exploit.

--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>