0 Replies Latest reply on May 15, 2015 4:50 PM by Mitchell Sherfey

    Blade ZipKit - Venom

    Mitchell Sherfey

      "VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems."


      For more information on Venom, please goto: http://venom.crowdstrike.com/


      ZipKit  contains :

      • Component Template – “VenomVulnerability(CVE-2015-3456)”
      • Script – “Venom Scripts.zip”


      Steps to install :

      • Import the Component Template.
      • Unzip “Venom Scripts.zip” and place all the scripts present inside this to “share/sensors” folder.
      • You are all set.
      • Run the Compliance Job


      Compliance check will work on  (discovery condition is updated) :

      • RHEL 5
      • RHEL 6
      • RHEL 7


      Note on Remediation :-

      • As per RHEL advisory board,
      • Remediation should be using yum update to update the packages the following packages
        • Kvm
        • xen
        • qemu-kvm
        • qemu-kvm-rhev
      • Reboot the targets.


      Our Remediation Implementation:

      • Have used yum update to update the package.
      • Have provided the option to reboot via property – as all may not want it.