
DATABASE PRIVILEGE ESCALATION

Introduction:

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions. Databases can encounter the same privilege escalation issues as other software. Privilege escalation takes place when a database has a vulnerability and a user takes advantage of that vulnerability in the database or system to gain full access to the sensitive parts of the system.

Margaret Rouse writes for and manages WhatIs.com, TechTarget's IT encyclopedia and learning center. She is responsible for building content that helps IT professionals learn to speak each other's highly specialized languages. WhatIs.com has won many awards over the years and has been cited as an authority in major publications such as the New York Times, Time Magazine, USA Today, The Washington Times, the Miami Herald, ZDNet, PC Magazine and Discovery Magazine. Before joining TechTarget in 2000 when they acquired WhatIs.com, Margaret worked for New York State Model Schools, teaching computer science and technology integration.

Privilege escalation attack

A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications. Not every system hack will initially provide an unauthorized user with full access to the targeted system. In those circumstances privilege escalation is required. There are two kinds of privilege escalation: vertical and horizontal. Vertical privilege escalation requires the attacker to grant himself higher privileges. This is typically achieved by performing kernel-level operations that allow the attacker to run unauthorized code. Horizontal privilege escalation requires the attacker to use the same level of privileges he already has been granted, but assume the identity of another user with similar privileges. For example, someone gaining access to another person's online banking account would constitute horizontal privilege escalation.

Rouse, Margaret. "Privilege escalation attack." Searchsecurity.techtarget.com. <http://searchsecurity.techtarget.com/definition/privilege-escalation-attack>

Nick Lewis, Enterprise Threats

Nick Lewis (CISSP) is an information security officer at Saint Louis University. Nick received his Master of Science in Information Assurance from Norwich University in 2005 and Telecommunications from Michigan State University in 2002. Prior to joining Saint Louis University in 2011, Nick worked at the University of Michigan and previously at Children's Hospital Boston, the primary pediatric teaching hospital of Harvard Medical School, as well as for Internet2 and Michigan State University.

Prevent a privilege escalation attack with database security policy

Can you briefly explain privilege escalation as it relates to databases? How can I determine if my organization has a privilege escalation problem?

A privilege escalation attack occurs when a user is able to gain additional access to a system beyond what he or she has been authorized to have by exploiting a vulnerability in that system. Databases can have the same issues that other software has with privilege escalation: If a database function or other part of the database has a vulnerability, a user may be able to exploit the vulnerability to gain access to an account with higher privileges. One of the biggest threats posed by privilege escalation in a database is the potential for an unauthorized user to gain access to sensitive data stored in the database, but this could also happen on a file system. Perhaps more worrisome is that some databases allow users with elevated privileges to run native programs on the operating system under the privilege of the database. A privilege escalation vulnerability could allow an attacker to fully take over the system hosting the database by running commands on the operating system.

To confirm whether your organization has a privilege escalation problem, you should first determine if databases (or other systems or applications) are running with the minimal privileges necessary for the database to operate (this will likely require assistance from DBAs who have knowledge of application privilege schemas), and then verify that users are given the minimum access necessary to do their jobs; this should also be addressed in a database. To determine what operating system privileges a database is using, look at a process listing and see what user ID the database's processes are running under. If databases are found to be running with root, administrator or other privileged accounts, there is potential for a privilege escalation problem. Couple that problem with a user who has privileges to execute software or a vulnerability that allows the user to execute software from the database, and such a problem poses a serious threat.

Lewis, Nick. "Prevent a privilege escalation attack with database security policy." Searchsecurity.techtarget.com. <http://searchsecurity.techtarget.com/answer/Prevent-a-privilegeescalation-attack-with-database-security-policy>
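
The process-listing check described in the answer above can be scripted. The following is an added example, not part of the quoted articles; the database process names, the privileged account names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag database server processes owned by a privileged OS account.
# Both lists are assumptions; extend them for the engines and accounts at your site.
DB_PROCS='mysqld mariadbd postgres mongod sqlservr'
PRIV_USERS='root Administrator SYSTEM'

# Reads "USER PID COMMAND" lines on stdin (the shape of `ps -eo user=,pid=,comm=`)
# and prints one finding per database process running under a privileged account.
audit_db_procs() {
    awk -v procs="$DB_PROCS" -v privs="$PRIV_USERS" '
        BEGIN {
            n = split(procs, p, " "); for (i = 1; i <= n; i++) isdb[p[i]] = 1
            m = split(privs, u, " "); for (i = 1; i <= m; i++) ispriv[u[i]] = 1
        }
        {
            # Strip any directory prefix so /usr/sbin/mongod matches mongod.
            name = $3
            sub(/^.*\//, "", name)
            if ((name in isdb) && ($1 in ispriv))
                printf "PRIVILEGED user=%s pid=%s proc=%s\n", $1, $2, name
        }'
}

# Constructed sample listing (not real output): two database servers run as root,
# two run under dedicated service accounts.
SAMPLE='root 1 systemd
root 812 mysqld
root 940 /usr/sbin/mongod
postgres 1021 postgres
root 1200 sshd
mysql 1544 mariadbd'

# Runs the audit over the constructed sample.
sample_findings() {
    printf '%s\n' "$SAMPLE" | audit_db_procs
}

sample_findings

# Live check on a Unix-like host:
#   ps -eo user=,pid=,comm= | audit_db_procs
```

Any line this prints marks a database whose compromise would hand over the privileged account it runs under; the usual fix is to run the service under a dedicated unprivileged account.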
