{"id":6524,"date":"2021-04-12T07:46:41","date_gmt":"2021-04-12T13:46:41","guid":{"rendered":"http:\/\/allidm.com\/blog\/?p=6524"},"modified":"2021-04-12T07:46:41","modified_gmt":"2021-04-12T13:46:41","slug":"azure-functions-weakness-allows-privilege-escalation","status":"publish","type":"post","link":"https:\/\/allidm.com\/blog\/azure-functions-weakness-allows-privilege-escalation\/","title":{"rendered":"Azure Functions Weakness Allows Privilege Escalation"},"content":{"rendered":"\n

A privilege-escalation vulnerability Microsoft\u2019s Azure Functions cloud container feature could ultimately allow a user to escape the container, according to researchers.<\/p>\n\n\n\n

Intezer researchers dubbed the bug \u201cRoyal Flush\u201d after a flush-to-disk limitation that an exploit would need to evade. Flushing to disk means that data is handed off to the kernel, where it\u2019s visible to other processes but may not survive a reboot.<\/p>\n\n\n\n

The firm found that Azure Functions containers run with the \u2013privileged Docker flag, which means that device files in the \/dev directory can be shared between the Docker host and the container guest. The vulnerability stems from the fact that these device files have read-write permissions for \u201cothers.\u201d<\/p>\n\n\n\n

Read more at – Azure Functions Weakness Allows Privilege Escalation<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

A privilege-escalation vulnerability Microsoft\u2019s Azure Functions cloud container feature could ultimately allow a user to escape the container, according to researchers. Intezer researchers dubbed the bug \u201cRoyal Flush\u201d after a flush-to-disk limitation that an exploit would need to evade. Flushing to disk means that data is handed off to the kernel, where it\u2019s visible to […]<\/p>\n","protected":false},"author":1,"featured_media":6019,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1901],"tags":[568],"class_list":["post-6524","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-identity-access-management","tag-pam"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2018\/02\/Identity_and_Access_Management_Post.png?fit=141%2C124&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p25vfy-1He","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/comments?post=6524"}],"version-history":[{"count":1,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6524\/revisions"}],"predecessor-version":[{"id":6525,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6524\/revisions\/6525"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/media\/6019"}],"wp:attachment":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/media?parent=6524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/categories?post=6524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/tags?post=6524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}