[Woc-notify] [nitc] VENOM vulnerability

Thu May 14 13:39:26 UTC 2015

VirtualBox/Mac didn't have an update last night but they do now.  

--
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu (Remote)
College of Architecture, Division of Regional and City Planning, MRCP '16
________________________________________
From: Skaggs, Gary A. [gskaggs at ou.edu]
Sent: Wednesday, May 13, 2015 20:19
To: NITC Distribution List
Subject: [nitc] FW: VENOM vulnerability

For all of you running VMs, a good/timely read.

Gary

From: <Kurz>, "Kenneth J." <kkurz at ou.edu<mailto:kkurz at ou.edu>>
Date: Wednesday, May 13, 2015 at 7:32 PM
To: Norman-Networking <network at ou.edu<mailto:network at ou.edu>>, "Security (Norman)" <security at ou.edu<mailto:security at ou.edu>>, unix_group <unix at ou.edu<mailto:unix at ou.edu>>, "Steward, Shad (HSC)" <Shad-Steward at ouhsc.edu<mailto:Shad-Steward at ouhsc.edu>>, "Saliba, Dana M. (HSC)" <Dana-Saliba at ouhsc.edu<mailto:Dana-Saliba at ouhsc.edu>>, "Moore, Randy W. (HSC)" <Randy-Moore at ouhsc.edu<mailto:Randy-Moore at ouhsc.edu>>, "Smith, Bryan E. (IT) (HSC)" <Bryan-E-Smith at ouhsc.edu<mailto:Bryan-E-Smith at ouhsc.edu>>, "Bighorse, Aaron L." <bighorse at ou.edu<mailto:bighorse at ou.edu>>, "George, Kendall A." <kendallg at ou.edu<mailto:kendallg at ou.edu>>
Subject: VENOM vulnerability

All,

Attached is the best summary I’ve seen about the VENOM vulnerability that is making headlines.  It is a vulnerability than can open access to host systems (once a running VM is compromised) and all other VM’s running on a host.  VMWare and Hyper-V are NOT affected.

The reason I forwarded on is I know there are a number of people running Virtualbox, ubuntu, redhat, etc, to run VMs.  They are all affected.  As well as products by Fireeye, F5, others, etc.  Info is at the link below.

http://venom.crowdstrike.com/

Ken

-----------------------------------------------
Ken Kurz, CISSP
Executive Director, Networking, Information Security & Risk Management
University of Oklahoma Information Technology
405-325-6441 – O
405-534-6079 – C
www.ou.edu/ouit<http://www.ou.edu/ouit>
-----------------------------------------------

---

You are currently subscribed to nitc as: plaws at ou.edu<mailto:plaws at ou.edu> .

To unsubscribe click here: http://lists.nwc.ou.edu/u?id=1311.7bb060764a818184ebb1cc0d43d382aa&n=T&l=nitc&o=706549

(It may be necessary to cut and paste the above URL if the line is broken)

or send a blank email to leave-706549-1311.7bb060764a818184ebb1cc0d43d382aa at lists.nwc.ou.edu<mailto:leave-706549-1311.7bb060764a818184ebb1cc0d43d382aa at lists.nwc.ou.edu>

---
You are currently subscribed to nitc as: woc-notify at list.woc.noaa.gov.
To unsubscribe click here: http://lists.nwc.ou.edu/u?id=47164.3d6e8cdf62c3b687501808cc1203704d&n=T&l=nitc&o=707549
or send a blank email to leave-707549-47164.3d6e8cdf62c3b687501808cc1203704d at lists.nwc.ou.edu