{"id":17211,"date":"2014-10-17T09:37:49","date_gmt":"2014-10-17T09:37:49","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=17211"},"modified":"2014-10-17T09:38:51","modified_gmt":"2014-10-17T09:38:51","slug":"new-security-vulnerability-in-esxi","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=17211","title":{"rendered":"New Security Vulnerability in ESXi"},"content":{"rendered":"

VMware posted this article<\/a> where academic research has found a vulnerability with Transparent Page Sharing (TPS). Apparently they can use this to determine the \u201cprivate\u201d AES encryption key of another virtual machine. Woops \u2026 another \u201cbreakout attack\u201d for VMware. I\u2019m still waiting on the first one for Hyper-V.<\/p>\n

TPS is one of those features that vFanboys cling to when attacking Hyper-V<\/a> Dynamic Memory. Now VMware are turning if off by default (starting Q4 2014 for ESXi 5.1, and later for other versions). Hmm, this case raises questions about the security design of vSphere.<\/p>\n

I agree with VMware that the vulnerability is impractical in terms of usefulness to an attacker. But what if you could use TPS to get the private SSL key of an application server in a multi-tenant cloud, and then use that to launch man-in-the-middle attacks? That would be a serious threat.<\/p>\n

Choose your hypervisor carefully – breakout attacks are BAD.<\/p>\n

I wonder what fresh hate will be vomited in my direction by the vFanboys \ud83d\ude00 Thanks to Flemming Riis (@FlemmingRiis<\/a>) for the heads up.<\/p>\n

Technorati Tags: VMware<\/a>,Security<\/a>,Virtualisation<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"

VMware posted this article where academic research has found a vulnerability with Transparent Page Sharing (TPS). Apparently they can use this to determine the \u201cprivate\u201d AES encryption key of another virtual machine. Woops \u2026 another \u201cbreakout attack\u201d for VMware. I\u2019m still waiting on the first one for Hyper-V. TPS is one of those features that … Continue reading “New Security Vulnerability in ESXi”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[20],"tags":[190,195,103],"class_list":["post-17211","post","type-post","status-publish","format-standard","hentry","category-hyper-v","tag-security","tag-virtualisation","tag-vmware"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t