Azure Functions Weakness Allows Privilege Escalation
2021-04-08 14:12

The firm found that Azure Functions containers run with the --privileged Docker flag, which means that device files in the /dev directory can be shared between the Docker host and the container guest.

The issue becomes a problem given that the Azure Functions environment contains 52 different partitions with file systems, which can be visible across users, according to Intezer.

"We suspected that these partitions belonged to other Azure Functions clients, but further assessment showed that these partitions were just ordinary file systems used by the same operating system, including pmem0, which is the Docker host's file system," researchers explained.

"At first, we tried to edit the file's contents using the zap block command by directly editing file system blocks' contents," according to the analysis.

With the ability to edit arbitrary files belonging to the Docker host, an attacker can make changes to the /etc/ld.so.preload file, researchers explained, which would allow a "Preload-hijack" attack that spreads a malicious shared object through the container's diff directory.
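
A defender's self-check for the conditions described above, as an added example rather than code from Intezer or the article: it reports whether the process holds capabilities that Docker's default set lacks (as a --privileged container does), which block devices are visible in /dev, and what /etc/ld.so.preload lists. The function names and the sample CapEff strings are constructed for illustration.

```python
import os
import stat

CAP_SYS_RAWIO, CAP_SYS_ADMIN = 17, 21  # bit numbers from linux/capability.h

# Constructed samples of /proc/self/status content (not captured from Azure).
DEFAULT_STATUS = "Name:\tsh\nCapEff:\t00000000a80425fb\n"     # Docker default set
PRIVILEGED_STATUS = "Name:\tsh\nCapEff:\t0000003fffffffff\n"  # --privileged

def effective_caps(status_text):
    """Return the CapEff bitmask parsed from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")

def has_privileged_caps(status_text):
    """True when CAP_SYS_ADMIN and CAP_SYS_RAWIO (not in Docker's default set) are both effective."""
    caps = effective_caps(status_text)
    return all((caps >> bit) & 1 for bit in (CAP_SYS_ADMIN, CAP_SYS_RAWIO))

def block_devices(dev_dir="/dev"):
    """List block-device nodes visible under dev_dir."""
    found = []
    for entry in os.scandir(dev_dir):
        try:
            if stat.S_ISBLK(entry.stat(follow_symlinks=False).st_mode):
                found.append(entry.name)
        except OSError:
            continue  # node vanished or is unreadable
    return sorted(found)

def preload_entries(preload_text):
    """Return libraries named in ld.so.preload content ('#' starts a comment)."""
    entries = []
    for line in preload_text.splitlines():
        entries.extend(line.split("#", 1)[0].replace(":", " ").split())
    return entries

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        print("privileged-style capabilities:", has_privileged_caps(fh.read()))
    print("block devices in /dev:", block_devices())
    try:
        with open("/etc/ld.so.preload") as fh:
            print("ld.so.preload entries:", preload_entries(fh.read()))
    except FileNotFoundError:
        print("ld.so.preload: absent")
```

On most hosts and containers /etc/ld.so.preload is absent or empty, so any entry it lists is worth reviewing.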


News URL

https://threatpost.com/azure-functions-privilege-escalation/165307/