Risk Assessments/Management, Vulnerability Management, Security Strategy, Plan, Budget, Security Architecture, Cloud Security

AWS Log4Shell fixes riddled with vulnerabilities

Threat actors could abuse serious vulnerabilities in AWS hot patches for Apache Log4j flaws to elevate privileges and escape containers, reports SecurityWeek. Installation of any of the hot patches would prompt exploitation by any server- or cluster-based container to facilitate host takeovers, a report from Palo Alto Networks' Unit 42 showed. Hot patches could also be leveraged by unprivileged processes for privilege escalation and code execution as root. Researchers also found that while certain container binaries are being retrieved by the patches to address JavaScript processes, proper containerization was not performed. "A malicious container therefore could have included a malicious binary named 'java' to trick the installed hot patch solution into invoking it with elevated privileges. The malicious ‘java’ process could then abuse its elevated privileges to escape the container and take over the underlying host," said researchers, who noted that the security issues could be exploited regardless of container configuration. AWS has already issued fixes on Tuesday to address the container escape and privilege escalation issues.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.