From User to Root: Exploiting a Privilege Escalation Bug in Azure Storage Utility
A critical privilege escalation vulnerability has been discovered in AZNFS-mount, a utility preinstalled on Azure HPC/AI Linux images. The flaw, which affects all versions up to 2.0.10, allows unprivileged users to escalate privileges to root, posing a serious threat to environments that rely on NFS access to Azure Blob storage.

What Is AZNFS-Mount and Why It Matters

AZNFS-mount enables mounting of Azure Storage Account NFS endpoints, simplifying data access even when IP addresses change. Installed via aznfs_install.sh, the tool includes binaries that require superuser permissions to manage mount points and DNAT rules. This utility is widely used in high-performance computing (HPC) and AI workloads in Azure.

The Vulnerability: SUID Misuse and Environment Variable Exploitation

At the core of the issue is the mount.aznfs binary, installed with the SUID bit (file mode 4755), allowing any user to execute it with root privileges. It leverages the execv function to run a ...
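
The hardening pattern for the class of bug this section describes, as an added example that is not AZNFS-mount code or the vendor's fix: execv hands the caller's whole environment to the program it runs, so a setuid binary should build an allow-listed environment and call execve instead. The helper names, the allow-list and the fixed PATH are assumptions.

```c
/* Added example, not AZNFS-mount code: names and allow-list are assumptions. */
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Variables the child may inherit from the caller; all others are dropped. */
static const char *const KEEP[] = { "TERM", "LANG", "TZ" };
static char SAFE_PATH[] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin"; /* never caller-controlled */

/* Return 1 if entry is "NAME=value" with NAME on the allow-list. */
static int is_kept(const char *entry)
{
    for (size_t i = 0; i < sizeof KEEP / sizeof KEEP[0]; i++) {
        size_t n = strlen(KEEP[i]);
        if (strncmp(entry, KEEP[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Fill out[] with SAFE_PATH plus allow-listed entries of in[], NULL-terminated.
 * Returns the entry count, or -1 (fail closed) if cap is too small. */
int build_clean_env(char *const in[], char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 2) return -1;
    out[n++] = SAFE_PATH;
    for (size_t i = 0; in != NULL && in[i] != NULL; i++) {
        if (!is_kept(in[i]))
            continue;
        if (n + 1 >= cap)
            return -1;
        out[n++] = in[i];
    }
    out[n] = NULL;
    return (int)n;
}

/* Drop-in for a bare execv(path, argv) in setuid code. */
int exec_with_clean_env(const char *path, char *const argv[])
{
    char *envp[8];
    if (build_clean_env(environ, envp, sizeof envp / sizeof envp[0]) < 0)
        return -1;
    return execve(path, argv, envp);
}

int main(void)
{
    char *argv[] = { "env", NULL };   /* child prints the environment it received */
    return exec_with_clean_env("/usr/bin/env", argv) < 0;
}
```

Run unprivileged with extra variables exported to confirm that only PATH and the allow-listed names reach the child.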