Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
,
The « hotpatch » released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host.
« Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution, » Palo Alto Networks Unit 42 researcher Yuval
« Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution, » Palo Alto Networks Unit 42 researcher Yuval
,
The « hotpatch » released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host.
« Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution, » Palo Alto Networks Unit 42 researcher Yuval
« Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution, » Palo Alto Networks Unit 42 researcher Yuval
, ,
https://thehackernews.com/2022/04/amazons-hotpatch-for-log4j-flaw-found.html