
Amazon's Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
2022-04-22 22:41

The "Hotpatch" released by Amazon Web Services in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host.

The issues - CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, and CVE-2022-0071 - affect the hotfix solutions shipped by AWS, and stem from the fact that they are designed to search for Java processes and patch them against the Log4j flaw on the fly but without ensuring that the new Java processes are run within the restrictions imposed on the container.

"Any process running a binary named 'java' - inside or outside of a container - is considered a candidate for the hot patch," Avrahami elaborated.

"A malicious container therefore could have included a malicious binary named 'java' to trick the installed hot patch solution into invoking it with elevated privileges."

In the subsequent step, the elevated privileges could be weaponized by the malicious 'java' process to escape the container and gain full control over the compromised server.

A rogue unprivileged process, in a similar manner, could have created and executed a malicious binary named 'java' to trick the hotpatch service into running it with elevated privileges.
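The fixes in the related vulnerability entries describe the remedy as making the patcher mimic the permissions, capabilities and SELinux context of the JVM being patched. The following Python example, added here and not code from Amazon or the Hotdog project, shows what that check looks like on Linux: read the target's identity from its /proc/<pid>/status (a constructed sample is embedded; field names are the real kernel ones, the values are assumed) and treat any privilege the target does not already hold as a reason not to act on it.

```python
from dataclasses import dataclass

# Constructed /proc/<pid>/status excerpt for a JVM running as uid 1000 inside a
# container (assumed values). NStgid lists two ids: a nested pid namespace.
SAMPLE_TARGET_STATUS = """Name:\tjava
Uid:\t1000\t1000\t1000\t1000
Gid:\t1000\t1000\t1000\t1000
NStgid:\t4321\t17
CapEff:\t0000000000000000
CapBnd:\t00000000a80425fb
"""

@dataclass(frozen=True)
class PrivContext:
    uid: int             # effective uid
    gid: int             # effective gid
    cap_eff: int         # effective capability bitmask
    cap_bnd: int         # bounding capability bitmask
    nested_pid_ns: bool  # target sits in a child pid namespace (container)

def parse_proc_status(text: str) -> dict:
    """Map each 'Key:<tab>v1<tab>v2...' line of /proc/<pid>/status to key -> [values]."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key:
            fields[key.strip()] = value.split()
    return fields

def context_from_status(text: str) -> PrivContext:
    f = parse_proc_status(text)
    return PrivContext(uid=int(f["Uid"][1]),  # columns: real, effective, saved, fs
                       gid=int(f["Gid"][1]),
                       cap_eff=int(f["CapEff"][0], 16),
                       cap_bnd=int(f["CapBnd"][0], 16),
                       nested_pid_ns=len(f.get("NStgid", ["0"])) > 1)

def injection_is_confined(actor: PrivContext, target: PrivContext) -> bool:
    """True only if acting as `actor` grants nothing the target lacks: same
    uid/gid, and capability sets that are subsets of the target's own."""
    return (actor.uid == target.uid and actor.gid == target.gid
            and actor.cap_eff & ~target.cap_eff == 0
            and actor.cap_bnd & ~target.cap_bnd == 0)

def mimic_target(target: PrivContext) -> PrivContext:
    """Identity a host-side patcher drops to before running anything for the target."""
    return PrivContext(target.uid, target.gid, target.cap_eff,
                       target.cap_bnd, target.nested_pid_ns)

# Host root patcher: uid 0 holding every capability (constructed value).
HOST_ROOT = PrivContext(0, 0, 0x1ffffffffff, 0x1ffffffffff, False)
```

On a real host the same logic would be fed by reading /proc/<pid>/status, and a patcher in a different mount or pid namespace than the target would additionally need to enter the target's namespaces before executing anything.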


News URL

https://thehackernews.com/2022/04/amazons-hotpatch-for-log4j-flaw-found.html

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                      RISK
2022-04-19  CVE-2022-0071   Improper Privilege Management vulnerability in Hotdog Project Hotdog     7.2
            Incomplete fix for CVE-2021-3101.
            Vector: local, low complexity. Vendor: hotdog-project. CWE-269.
2022-04-19  CVE-2022-0070   Improper Privilege Management vulnerability in Amazon Log4Jhotpatch      8.8
            Incomplete fix for CVE-2021-3100.
            Vector: local, low complexity. Vendor: amazon. CWE-269.
2022-04-19  CVE-2021-3101   Improper Privilege Management vulnerability in Hotdog Project Hotdog     8.8
            Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process.
            Vector: local, low complexity. Vendor: hotdog-project. CWE-269.
2022-04-19  CVE-2021-3100   Improper Privilege Management vulnerability in Amazon Log4Jhotpatch      8.8
            The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn't mimic the permissions of the JVM being patched, allowing it to escalate privileges.
            Vector: local, low complexity. Vendor: amazon. CWE-269.