high

AWS SSM agent local privilege escalation

Published Wed, Apr 20th, 2022

Platforms

Summary

The Amazon SSM Agent (used for managing EC2 instances via Amazon Systems Manager) created a world-writable sudoers file, which would have allowed local attackers to inject Sudo rules and escalate privileges to root. This could occur in certain situations involving a race condition.

Affected Services

SSM, EC2

Remediation

Update the agent to the patched version (3.1.1208)

Tracked CVEs

CVE-2022-29527

References

https://github.com/advisories/GHSA-87pw-p9qx-p46w https://github.com/aws/amazon-ssm-agent/releases/tag/3.1.1208.0 https://bugzilla.suse.com/show_bug.cgi?id=1196556

Contributed by https://github.com/mer-b

Entry Status

Finalized

Disclosure Date

Mon, Feb 28th, 2022

Exploitability Period

until 2022/04/05

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Matthias Gerstner, SUSE

More vulnerabilities...

high

Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

AWS's hotpatches for Log4shell worked as intended but introduced new container escape vulnerabilities.

Yuval Avrahami, Palo AltoApr 19, 2022

low

Privilege Escalation to SYSTEM in AWS VPN Client

The AWS VPN Client application is affected by an arbitrary file write as SYSTEM, which can lead to privilege escalation and an information disclosure vulnerability that allows the user's Net-NTLMv2...

David Yesland, Rhino SecurityApr 12, 2022

high

AWS RDS local file read

A vulnerability was discovered in the Aurora PostgreSQL log_fdw extension for Amazon Relational Database Service (RDS), allowing an attacker to read files on the EC2 host and obtain credentials for...

Gafnit Amiga, LightspinApr 11, 2022

View all