Can you briefly explain privilege escalation as it relates to databases? How can I determine if my organization...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
has a privilege escalation problem?
A privilege escalation attack occurs when a user is able to gain additional access to a system beyond what he or she has been authorized to have by exploiting a vulnerability in that system. Databases can have the same issues that other software has with privilege escalation: If a database function or other part of the database has a vulnerability, a user may be able to exploit the vulnerability to gain access to an account with higher privileges.
One of the biggest threats posed by privilege escalation in a database is the potential for an unauthorized user to gain access to sensitive data stored in the database, but this could also happen on a file system. Perhaps more worrisome is that some databases allow users with elevated privileges to run native programs on the operating system under the privilege of the database. A privilege escalation vulnerability could allow an attacker to fully take over the system hosting the database by running commands on the operating system.
To confirm whether your organization has a privilege escalation problem, you should first determine if databases (or other systems or applications) are running with the minimal privileges necessary for the database to operate (this will likely require assistance from DBAs who have knowledge of application privilege schemas), and then verify that users are given the minimum access necessary to do their jobs; this should also be addressed in a database security policy. To determine what operating system privileges a database is using, look at a process listing and see what user ID the database's processes are running under. If databases are found to be running with root, administrator or other privileged accounts, there is potential for a privilege escalation problem. Couple that problem with a user who has privileges to execute software or a vulnerability that allows the user to execute software from the database, and such a problem poses a serious threat.
Dig Deeper on Database Security Management
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.