GoogleCloudPlatform OSConfig Privilege Escalation

Google's osconfig agent was vulnerable to local privilege escalation due to relying on a predictable path inside the /tmp directory. An unprivileged malicious process could abuse this flaw to win a race condition and take over the files managed by the high privileged agent process and thus execute arbitrary commands as the root user (full capabilities). Exploitation was possible only during an osconfig recipe being deployed.

MD5 | 819b19459bc7ce2b7e573c7913774ecd

Related Posts