CVE-2019-0804 Azure Linux Agent Information Disclosure Vulnerability (14th Mar 2019)

Preface: To speed up the deployment of your cloud computing readiness. Use the image deployment is faster than mounting an ISO and manually installing a VM.When system admin created images for an OpenStack provider, he will pre-installed cloud-init and haveged. Azure has similar feature, it is so called Azure WaLinuxAgent.

Vulnerability detail: An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks. An authenticated attacker who successfully exploited this vulnerability could view data in swap that is normally hidden.

My speculation: In WALA, it uses “fallocate” instead of “dd” to create swapfile. When an ext4 filesystem is used, a local attacker can call the fallocate() function, in order to read fragments of deleted files.

Remedy solution: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804