Pwning Cloud Vendors with Untraditional PostgreSQL Vulnerabilities

Discover unconventional PostgreSQL vulnerabilities in Azure's Cosmos SQL service and learn how attackers can exploit them, highlighting the importance of isolation and effective vulnerability sharing in cloud computing.

Key takeaways
  • Containers can be escaped, and traditional PostgreSQL vulnerabilities may not apply.
  • The Wiz research team discovered unconventional PostgreSQL vulnerabilities in Azure’s Cosmos SQL service.
  • Cloud providers often share information and vulnerabilities, but it can be difficult to understand how they work.
  • Event triggers in PostgreSQL require superuser privileges, making them an attractive target for attackers.
  • Isolation is key to preventing attacks, but some cloud providers may not use it effectively.
  • The pg_basebackup utility can be used to authenticate to a database.
  • Regular expressions are used in PostgreSQL to determine what a user can do, and exploiting them can be difficult.
  • Cloud providers often use shared compute resources, which can make it easier for attackers to gain access.
  • The pg_ident.conf file is used to determine which users can be granted superuser privileges.
  • Exploiting a chain of vulnerabilities can allow an attacker to gain access to multiple databases.
  • Cloud providers often do not share enough information about how their services work, making it difficult to understand potential vulnerabilities.
  • Isolation can be achieved through the use of dedicated virtual machines, but this is not always the case.
  • Regular expressions can be used to bypass permissions and access a database.
  • Cloud providers often do not use isolation effectively, making it easier for attackers to access multiple databases.
  • Exploiting a vulnerability in a cloud provider’s service can allow an attacker to access multiple databases.
  • Cloud providers often do not share enough information about their services, making it difficult to understand potential vulnerabilities.
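
The takeaways about regular expressions and the ident map file, as an added example (not code from the talk or from any cloud provider): a small Python audit of pg_ident.conf regex mappings that flags unanchored patterns and trailing wildcards, which can match more identities than intended. The sample file, the domain db.example.com and the PRIVILEGED set are constructed assumptions, and Python's re module stands in for PostgreSQL's regex engine.

```python
import re

# Constructed pg_ident.conf content; not taken from the talk or any real service.
SAMPLE = r"""
# MAPNAME  SYSTEM-USERNAME                      PG-USERNAME
certmap    /^(.*)\.db\.example\.com(.*)$        replication
certmap    /^([a-z0-9]+)\.db\.example\.com$     \1
certmap    /admin                               postgres
localmap   backup                               replication
"""
PRIVILEGED = {"postgres", "replication"}  # assumption: roles treated as sensitive


def parse(text):
    """Yield (lineno, system_user, pg_user); ignores quoting, a simplification."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            yield n, fields[1], fields[2]


def audit(text):
    """Return (lineno, problem) for regex mappings that can match too much."""
    findings = []
    for n, sysuser, pguser in parse(text):
        if not sysuser.startswith("/"):
            continue  # literal name, compared exactly
        pattern, problems = sysuser[1:], []
        if not pattern.startswith("^"):
            problems.append("no ^ anchor")
        if not pattern.endswith("$"):
            problems.append("no $ anchor")
        if re.search(r"(?<!\\)\.[*+]\??\)?\$?$", pattern):
            problems.append("trailing wildcard accepts any suffix")
        if problems and pguser in PRIVILEGED:
            problems.append("maps to privileged role " + pguser)
        findings += [(n, p) for p in problems]
    return findings


def accepts(pattern, identity):
    """Unanchored search, as a regex map entry matches (Python re as stand-in)."""
    return re.search(pattern, identity) is not None


if __name__ == "__main__":
    for lineno, problem in audit(SAMPLE):
        print(f"line {lineno}: {problem}")
```

Findings are reported by line number in the audited text; the second mapping, anchored at both ends with a restricted character class, produces none.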