{"id":49527,"date":"2022-12-01T14:01:00","date_gmt":"2022-12-01T14:01:00","guid":{"rendered":"https:\/\/www.csoonline.com\/article\/3681450\/researchers-found-security-pitfalls-in-ibm-s-cloud-infrastructure.html#tk.rss_security"},"modified":"2022-12-01T14:01:00","modified_gmt":"2022-12-01T14:01:00","slug":"researchers-found-security-pitfalls-in-ibms-cloud-infrastructure","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/researchers-found-security-pitfalls-in-ibms-cloud-infrastructure\/","title":{"rendered":"Researchers found security pitfalls in IBM\u2019s cloud infrastructure"},"content":{"rendered":"
<\/div>\n

Security researchers recently probed IBM Cloud\u2019s database-as-a-service infrastructure and found several security issues that granted them access to the internal server used to build database images for customer deployments. The demonstrated attack highlights some common security oversights that can lead to supply chain compromises in cloud infrastructure.<\/p>\n

Developed by researchers from security firm Wiz, the attack<\/a> combined a privilege escalation vulnerability in the IBM Cloud Databases for PostgreSQL service with plaintext credentials scattered around the environment and overly permissive internal network access controls that allowed for lateral movement inside the infrastructure.<\/p>\n

PostgreSQL is an appealing target in cloud environments<\/h2>\n

Wiz\u2019 audit of the IBM Cloud Databases for PostgreSQL was part of a larger research project that analyzed PostgreSQL deployments across major cloud providers who offer this database engine as part of their managed database-as-a-service solutions. Earlier this year, the Wiz researchers also found and disclosed vulnerabilities in the PostgreSQL implementations of Microsoft Azure<\/a> and the Google Cloud Platform (GCP)<\/a>.<\/p>\n

The open-source PostgreSQL relational database engine has been in development for over 30 years with an emphasis on stability, high-availability and scalability. However, this complex piece of software was not designed with a permission model suitable for multi-tenant cloud environments where database instances need to be isolated from each other and from the underlying infrastructure.<\/p>\n

PostgreSQL has powerful features through which administrators can alter the server file system and even execute code through database queries, but these operations are unsafe and need to be restricted in shared cloud environments. Meanwhile, other admin operations such as database replication, creating checkpoints, installing extensions and event triggers need to be available to customers for the service to be functional. That\u2019s why cloud service providers (CSPs) had to come up with workarounds and make modifications to PostgreSQL\u2019s permission model to enable these capabilities even when customers only operate with limited accounts.<\/p>\n

Privilege escalation through SQL injection<\/h2>\n

While analyzing IBM Cloud\u2019s PostgreSQL implementation, the Wiz researchers looked at the Logical Replication mechanism that\u2019s available to users. This feature was implemented using several database functions, including one called create_subscription that is owned and executed by a database superuser called ibm.<\/p>\n