As part of Axcient's ongoing efforts to ensure real time security and compliance to our community and partners, we have been notified and are receiving questions around the VENOM: QEMU vulnerability (CVE-2015-3456) that was released to the public on May 13th pertaining to a 'buffer overflow’ that can utilize a specific floppy disk component of a virtual machine environment; once compromised the guest machine could be crashed, or arbitrary code could be executed on the host.
Anchor is not at risk from VENOM targeted attacks since the VENOM vulnerability is not exploitable unless an attacker was manually granted access to our guest VMs, which they would then be able to run arbitrary code on— this is something we do not allow for Anchor deployments.
Comments
0 comments
Article is closed for comments.