Azure Functions Weakness Allows Privilege Escalation

Microsoft's cloud-container technology allows attackers to directly write to files, researchers said.

A privilege-escalation vulnerability in Microsoft’s Azure Functions cloud container feature could ultimately allow a user to escape the container, according to researchers.

Intezer researchers dubbed the bug “Royal Flush” after a flush-to-disk limitation that an exploit would need to evade. Flushing to disk means that data is handed off to the kernel, where it’s visible to other processes but may not survive a reboot.

The firm found that Azure Functions containers run with the --privileged Docker flag, which means that device files in the /dev directory can be shared between the Docker host and the container guest. The vulnerability stems from the fact that these device files have read-write permissions for “others.”

“The lax permissions on the device files are not standard behavior,” according to the analysis, released on Thursday.

The issue becomes a problem given that the Azure Functions environment contains 52 different partitions with file systems, which can be visible across users, according to Intezer.

“We suspected that these partitions belonged to other Azure Functions clients, but further assessment showed that these partitions were just ordinary file systems used by the same operating system, including pmem0, which is the Docker host’s file system,” researchers explained.
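A defender-side check for the condition described above, as an added example that is not from Intezer's analysis or the original article: it flags block devices whose mode grants read or write access to "others". The sample entries are constructed for illustration; only pmem0 is named in the article, and the other device names are assumptions.

```python
import os
import stat


def other_access(mode):
    """Return 'r', 'w', 'rw' or '' for the 'others' bits of a block device mode."""
    if not stat.S_ISBLK(mode):
        # Character devices such as /dev/null are commonly 0666; skip them.
        return ""
    return ("r" if mode & stat.S_IROTH else "") + ("w" if mode & stat.S_IWOTH else "")


def audit_entries(entries):
    """entries: iterable of (path, st_mode). Returns sorted (path, mode string, access)."""
    findings = []
    for path, mode in entries:
        access = other_access(mode)
        if access:
            findings.append((path, stat.filemode(mode), access))
    return sorted(findings)


def scan_dev(root="/dev"):
    """Collect modes under root without following symlinks, then audit them."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                entries.append((path, os.lstat(path).st_mode))
            except OSError:
                continue  # entry vanished or is unreadable; nothing to report
    return audit_entries(entries)


# Constructed sample: block devices are typically 0660 (no access for "others").
SAMPLE = [
    ("/dev/pmem0", stat.S_IFBLK | 0o666),  # name from the article, mode constructed
    ("/dev/sda1", stat.S_IFBLK | 0o660),   # hypothetical, conventional mode
    ("/dev/null", stat.S_IFCHR | 0o666),   # character device, not flagged
    ("/dev/sdb", stat.S_IFBLK | 0o664),    # hypothetical, world-readable
]

if __name__ == "__main__":
    for finding in audit_entries(SAMPLE):
        print("sample:", finding)
    for finding in scan_dev():
        print("live:", finding)
```

Run inside a container, `scan_dev()` reports any block device an unprivileged user in that container could open directly.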

“This could become dangerous in the case where the attackers have access to the victims’ environment, as a low-privileges user,” Ari Eitan, vice president of research at Intezer, told Threatpost. “Using this vulnerability, an attacker can escalate privileges and do things he should not do (read files from the file system, for example).”

Further, while the bug is not a direct Docker escape vulnerability, “if a user is able to escalate to root, they would be able to escape to the Docker host using various Docker escape techniques,” he said. “Merging those two together is a great power for attackers.”
