Can you briefly explain privilege escalation as it relates to databases? How can I determine if my organization has a privilege escalation problem?
A privilege escalation attack occurs when a user is able to gain additional access to a system beyond what he or she has been authorized to have by exploiting a vulnerability in that system. Databases can have the same issues that other software has with privilege escalation: If a database function or other part of the database has a vulnerability, a user may be able to exploit the vulnerability to gain access to an account with higher privileges.
One of the biggest threats posed by privilege escalation in a database is the potential for an unauthorized user to gain access to sensitive data stored in the database, but this could also happen on a file system. Perhaps more worrisome is that some databases allow users with elevated privileges to run native programs on the operating system under the privilege of the database. A privilege escalation vulnerability could allow an attacker to fully take over the system hosting the database by running commands on the operating system.
To confirm whether your organization has a privilege escalation problem, you should first determine if databases (or other systems or applications) are running with the minimal privileges necessary for the database to operate (this will likely require assistance from DBAs who have knowledge of application privilege schemas), and then verify that users are given the minimum access necessary to do their jobs; this should also be addressed in a database security policy. To determine what operating system privileges a database is using, look at a process listing and see what user ID the database's processes are running under. If databases are found to be running with root, administrator or other privileged accounts, there is potential for a privilege escalation problem. Couple that problem with a user who has privileges to execute software or a vulnerability that allows the user to execute software from the database, and such a problem poses a serious threat.
This was first published in August 2010