Microsoft Azure Functions Vulnerable to Docker Escape Bug
Cybersecurity researcher Paul Litvak has disclosed an unpatched vulnerability in Microsoft Azure Functions that an attacker could use to escalate privileges and escape the Docker container used to host them.
The trigger is an HTTP request configured to call an Azure Function.
The researchers first created an HTTP trigger to gain a foothold inside the Function container.
The Mesh binary was then identified as containing a flaw that could be exploited to grant root permissions to the app user that runs the Function.
Azure Functions triggered by HTTP requests run for only a few minutes; the user's code runs in the background inside an Azure-managed container, without the user having to manage the underlying infrastructure.
Although Microsoft concluded that the issue has no security impact on Azure Functions users, the extended privileges assigned to the container (granted using the flag) could be abused to escape the Docker container and run arbitrary commands on the host.
The Mesh binary itself is undocumented and little information about it is available; the researchers at Intezer found references to it in a public build log of a Docker image, at the path “/root/mesh/init”, and used it for privilege escalation.
In a statement, Microsoft said: “The vulnerability has no security impact on Functions users because the host is still protected by another defense boundary against the elevated position we reached in the container host.” The finding came as part of Intezer Labs’ investigation into Azure’s computing infrastructure.
Azure Functions, analogous to Amazon AWS Lambda, is a serverless offering that lets users run event-triggered code without explicitly provisioning or managing infrastructure, while scaling and allocating resources and processing on demand.
By incorporating Docker into the mix, developers can quickly deploy and run Azure Functions in the cloud or on-premises.
Intezer has released proof-of-concept (PoC) exploit code on GitHub that can be used to probe the Docker host environment.
According to Intezer Labs researchers, attackers can find a way in through vulnerable third-party software, since such vulnerabilities are sometimes outside the cloud user’s control.
Finally, it is essential to put protective measures in place that detect and terminate unauthorized code execution in your production environment.
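The article's point is that extra privileges granted to a container by a Docker flag are what turn a bug inside the container into a host escape, and that operators should have checks in place for such conditions. The following audit script is an added example (not code from the article, from Intezer, or from Microsoft): it reads `docker inspect` output and flags containers that run privileged, that were given capabilities which effectively grant host-level access, or that share the host PID namespace. The field names `HostConfig.Privileged`, `HostConfig.CapAdd` and `HostConfig.PidMode` are the real ones emitted by `docker inspect`; the two container records embedded below are constructed, and the set of capabilities treated as risky is this example's own choice.

```python
"""Audit `docker inspect` output for containers granted elevated privileges.

Added example: flags containers whose HostConfig would let a process that has
already gained root inside the container reach the host. Feed it the JSON from
`docker inspect $(docker ps -q)`; the sample below is constructed.
"""
import json

# Capabilities that, once added to a container, give a root process inside it
# the means to mount host devices, load kernel modules, ptrace host processes
# or read arbitrary host files. The selection is this example's own judgement.
RISKY_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO",
              "NET_ADMIN", "DAC_READ_SEARCH"}


def audit_container(container: dict) -> list[str]:
    """Return human-readable findings for one `docker inspect` record."""
    findings = []
    host = container.get("HostConfig") or {}
    name = container.get("Name", "?").lstrip("/")  # docker prefixes names with '/'

    if host.get("Privileged"):
        findings.append(f"{name}: Privileged=true (all capabilities, full device access)")

    # CapAdd is null when nothing was added; entries may carry a CAP_ prefix.
    caps = {c.upper().removeprefix("CAP_") for c in (host.get("CapAdd") or [])}
    if "ALL" in caps:
        findings.append(f"{name}: CapAdd=ALL grants every capability")
    risky = sorted(caps & RISKY_CAPS)
    if risky:
        findings.append(f"{name}: added capabilities that reach the host: {risky}")

    if host.get("PidMode") == "host":
        findings.append(f"{name}: shares the host PID namespace")
    return findings


def audit_inspect_output(raw_json: str) -> dict[str, list[str]]:
    """Audit every container in a `docker inspect` JSON array."""
    containers = json.loads(raw_json)
    if isinstance(containers, dict):  # a single record rather than an array
        containers = [containers]
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in containers}


# Constructed sample: one hardened container and one run with extra privileges.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/func-hardened",
     "HostConfig": {"Privileged": False, "CapAdd": None, "PidMode": ""}},
    {"Name": "/func-privileged",
     "HostConfig": {"Privileged": True,
                    "CapAdd": ["SYS_ADMIN", "NET_BIND_SERVICE"],
                    "PidMode": "host"}},
])

if __name__ == "__main__":
    for cname, found in audit_inspect_output(SAMPLE_INSPECT).items():
        print(f"{cname}: {'clean' if not found else ''}")
        for line in found:
            print(f"  - {line}")
```

Run it against live output with `docker inspect $(docker ps -q) | python3 audit.py` after replacing `SAMPLE_INSPECT` with `sys.stdin.read()`; any non-empty finding list is a container where a root-in-container bug like the one described above would no longer be contained by Docker alone.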