"Researchers Found Security Pitfalls in IBM's Cloud Infrastructure"

Security researchers investigated IBM Cloud's Database-as-a-Service (DaaS) infrastructure and discovered several security flaws that gave them access to the internal server used to build database images for customer deployments. The demonstrated attack brings further attention to common security flaws that can result in cloud infrastructure supply chain compromises. The attack, developed by Wiz researchers, combined a privilege escalation vulnerability in IBM Cloud Databases for PostgreSQL, plaintext credentials sprinkled throughout the environment, and excessively permissive internal network access controls that enabled lateral movement within the infrastructure.

The audit of IBM Cloud Databases for PostgreSQL by Wiz was part of a larger research project that examined PostgreSQL deployments across major cloud providers offering this database engine as part of their managed DaaS solutions. Wiz researchers discovered and disclosed vulnerabilities in Microsoft Azure and Google Cloud Platform (GCP) PostgreSQL implementations earlier this year.

PostgreSQL, an open-source relational database engine, has been in development for over 30 years, with a focus on stability, high availability, and scalability. However, this software was not designed with a permission model appropriate for multi-tenant cloud environments in which database instances must be isolated from each other and the underlying infrastructure.

The Wiz researchers examined the Logical Replication mechanism available to users while analyzing IBM Cloud's PostgreSQL implementation. The function's code revealed a SQL injection vulnerability caused by improper sanitization of the arguments passed to it, meaning they could pass any SQL query to the function, which would then execute it as the superuser. In addition, the researchers used the PostgreSQL COPY statement to execute arbitrary commands on the underlying Virtual Machine (VM) hosting the database instance, resulting in the opening of a reverse shell.
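The pattern behind the SQL injection described above, shown as an added example that is not taken from the article, from Wiz's research or from IBM's code: a function that runs with its owner's rights and concatenates caller-supplied arguments into dynamic SQL, beside a hardened form and a heuristic catalog query for auditing. The function names, the `ALTER PUBLICATION` statement, and the assumption that the function is `SECURITY DEFINER` and owned by a superuser are illustrative.

```sql
-- Constructed example; demo_* names are hypothetical, not IBM's functions.

-- BEFORE: SECURITY DEFINER runs the body as the function owner. If the owner
-- is a superuser, anything concatenated into EXECUTE runs as superuser.
CREATE FUNCTION demo_add_table_unsafe(pub text, tbl text)
RETURNS void LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
  -- Caller-controlled text becomes part of the SQL statement itself.
  EXECUTE 'ALTER PUBLICATION ' || pub || ' ADD TABLE ' || tbl;
END $$;

-- AFTER: identifiers are quoted by format(%I), search_path is pinned so
-- unqualified names cannot be hijacked, and PUBLIC loses default EXECUTE.
CREATE FUNCTION demo_add_table_safe(pub text, sch text, tbl text)
RETURNS void LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, pg_temp AS $$
BEGIN
  EXECUTE format('ALTER PUBLICATION %I ADD TABLE %I.%I', pub, sch, tbl);
END $$;
REVOKE EXECUTE ON FUNCTION demo_add_table_safe(text, text, text) FROM PUBLIC;

-- AUDIT (heuristic): superuser-owned SECURITY DEFINER functions whose body
-- uses EXECUTE together with string concatenation. Review each hit by hand;
-- the pattern match can miss cases and can flag safe code.
SELECT n.nspname                               AS schema,
       p.proname                               AS function,
       pg_get_function_identity_arguments(p.oid) AS args,
       r.rolname                               AS owner,
       p.proconfig IS NULL                     AS no_pinned_settings
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles r     ON r.oid = p.proowner
WHERE p.prosecdef                 -- SECURITY DEFINER
  AND r.rolsuper                  -- owner is a superuser
  AND p.prosrc ~* '\mexecute\M'   -- dynamic SQL in the body
  AND p.prosrc LIKE '%||%'        -- built by concatenation
ORDER BY 1, 2;
```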
This article continues to discuss the demonstrated attack on IBM's cloud infrastructure by cybersecurity researchers that allowed them to gain access to the internal server used to build database images for customer deployments.

CSO Online reports "Researchers Found Security Pitfalls in IBM's Cloud Infrastructure"

Submitted by Anonymous on