Black Hat EU: You are Doing it Wrong: Failures in Virtualization Systems – By Claudio Criscione
Virtualization aims to save money and to make things simple and quick to deploy. Saving money and quick deployment are archenemies of security.
Virtualization products require security at the hypervisor level. Being able to hop from one virtual machine to another is not acceptable. There are also a lot of products that focus on security inside the virtual machines, but virtualized infrastructures are complex by nature.
Relatively lame bugs like XSS can be a big deal in virtualization infrastructures.
Claudio demonstrates that live on stage by exploiting an XSS bug in VMware vCenter, which took 1.5 years to patch.
Claudio showed us how an unprivileged user on the vCenter machine was able to read a log file containing the administrator's SOAP session ID. Using this ID and Vasto, administrator privileges were obtained. Until the last patch, read-only access to vCenter meant that the user could take over the virtual infrastructure using standard tools.
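The log-file exposure described above can be audited for from the defender's side. The following Python code is an added example, not code from the talk or from VMware: it flags log lines that carry session-token-like values, records whether the file is readable beyond its owner, and produces the redacted line that should have been written instead. The token pattern, file names and sample log lines are constructed assumptions, and the permission check uses POSIX mode bits.

```python
import os
import re
import stat
import tempfile

# Assumed token shape (not from the talk): a "session..." key followed by a
# UUID or a hex string of 32+ characters.
TOKEN_RE = re.compile(
    r"(?i)(session[-_ ]?(?:id|key|cookie)?[\"'=:\s]+)"
    r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}|[0-9a-f]{32,})"
)

def redact(line):
    """Mitigation: keep the key, replace the secret value before it is logged."""
    return TOKEN_RE.sub(lambda m: m.group(1) + "[REDACTED]", line)

def audit_log_tree(root):
    """Report log lines holding session tokens and whether non-owners can read them."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            # POSIX bits only: readable by group or by everyone else
            exposed = bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))
            with open(path, "r", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    if TOKEN_RE.search(line):
                        findings.append({"file": name, "line": line_no, "exposed": exposed,
                                         "safe_line": redact(line.rstrip("\n"))})
    return findings

def demo():
    """Run the audit over constructed sample logs in a temporary directory."""
    samples = {  # constructed log lines, not real product output
        "mgmt.log": ("2010-01-01 10:00:00 info user=admin login ok\n"
                     "2010-01-01 10:00:01 debug SessionID=52a1c3e4-9f0b-4d2a-8c77-1b2e3f4a5b6c\n",
                     0o644),
        "private.log": ("debug session_key: " + "ab" * 16 + "\n", 0o600),
        "clean.log": ("2010-01-01 10:00:02 info session closed\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (text, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        return audit_log_tree(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A finding with `exposed` set to true is the case from the demonstration: a session token sitting in a file that accounts other than the owner can read.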
The next attack demonstrated is against an Oracle virtual machine. Using standard “lame” exploits, Claudio was able to hop from the application-level administrator to the system root account.
So there are still some very simple vulnerabilities in this software.
Virtualization software is broken today, and we have to treat it accordingly. We have to make people aware that it is broken.
Virtualization infrastructures should be set up in such a way that an XSS in the management layer cannot lead to a disaster.


