The Department of Defense, through DISA, provides advanced information technology and immediate communications support to the president, vice president, secretary of defense, military services and combatant commands. DISA offers solutions and enhanced capabilities that enable its customers to make rapid decisions using real-time information and turn these decisions into critical strategic, operational and tactical actions (see www.disa.mil).
DISA's cloud computing infrastructure, known as RACE (Rapid Access Computing Environment), will serve a potential user base of around three million DOD personnel, enabling users to describe their computing needs and gain rapid access to a fully functional environment. The requesting personnel will utilize a custom version of Moab Access Portal for Clouds™ to graphically request resources from anywhere with Web access. The portal interfaces with Moab Cloud Service™, which analyzes information collected from HP and government tools to evaluate resource availability, enforce SLA constraints, validate payment and then orchestrate the provisioning of a fully functional and secured computing environment.
Using the DISA cloud, requesters are able to specify what they want to accomplish and describe the resources needed. The Moab cloud service applies highly sophisticated scheduling intelligence and workflow infrastructure to optimally map new requests to available resources while automatically addressing security needs, resource failures, workload surges, dynamic changes to existing allocations, and other conditions.
Prior to the cloud solution from Moab and HP, DISA manually evaluated, created, configured and secured compute environments using a labor-intensive and time-consuming process. The additional burden of manually contending with hardware failures, changing schedules and payment issues compounded the difficulties of managing this environment. Moab's unique design allows DISA to automatically and intelligently handle all of these processes with a solution that adapts to real-world disruptions.
The Moab cloud service works in conjunction with HP's enterprise provisioning tool, HP Operations Orchestration, and HP Service Manager, which inform Moab of resource availability, system failures, critical events and changing customer needs. The resulting solution unifies and simplifies the management of DISA's cloud provisioning into a comprehensive offering. The collective power of these elements empowers DISA to ensure all compute resources are used effectively.
vulnerable software: VMware Workstation 6.0 for Windows, possible some other VMware products as well type of vulnerability: DoS, potential privilege escalation I found a vulnerability in VMware Workstation 6.0 which allows an unprivileged user in the host OS to crash the system and potentially run arbitrary code with kernel privileges. The issue is in the vmstor-60 driver, which is supposed to mount VMware images within the host OS. When sending the IOCTL code FsSetVoleInformation with subcode FsSetFileInformation with a large buffer and underreporting its size to at max 1024 bytes, it will underrun and potentially execute arbitrary code. Security focus
Comments
Post a Comment