Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension. The internal AWS service was connected to an AWS internal account related to the RDS service.

The vulnerability was reported to the AWS Security team, who right after applied an initial patch limited only to the recent RDS and Aurora PostgreSQL engines, excluding older versions. Following the patch, the RDS team personally reached out to every customer that used a vulnerable version in the last months and guided them through the upgrade process to ensure mitigation. Recently, the AWS team confirmed that the vulnerability has been fixed and that no customers were affected.

You are probably already familiar with what Amazon RDS is. But just in a few words, Amazon Relational Database Service (RDS) is a managed database service that supports several different database engines such as MariaDB, MySQL, and the subject of this post: PostgreSQL. AWS also maintains its own database engine, Amazon Aurora, which is compatible with PostgreSQL and MySQL.

I created an Amazon RDS database instance using the Amazon Aurora PostgreSQL engine and connected to the database using psql. I began with some basic exploration of the databases and pre-loaded roles.

Note that the “postgres” user is not a real superuser; it is an rds_superuser. AWS documentation describes the role as “The rds_superuser role is a predefined Amazon RDS role similar to the PostgreSQL superuser role (customarily named postgres in local instances), but with some restrictions.” Obviously this rds_superuser cannot run system commands, read local files or do any action related to the underlying machine. Otherwise, it would have been too easy :)

Below is a screenshot detailing failed actions taken while attempting to use the rds_superuser role.

So, I thought about using an untrusted language to create a function that can execute system commands, but I couldn’t load untrusted languages such as plperlu or plpythonu. The returned error suggested having a look at the rds.extensions configuration parameter. While many language extensions are supported by Amazon RDS for PostgreSQL engines, none of them is an untrusted language. Therefore, I decided to do some further analysis and research on the extensions, hoping to find a lead.

The log_fdw extension is supported by Amazon RDS for PostgreSQL engines of version 9.6.2 and higher. This extension enables the user to access the database engine log using a SQL interface and build foreign tables with the log data neatly split into several columns. I followed the documentation and created the foreign server and table.

1. Get the log_fdw extension and create the log server as a foreign data wrapper.

```sql
CREATE EXTENSION log_fdw;
CREATE SERVER log_server FOREIGN DATA WRAPPER log_fdw;
```
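As an added example, not code from the original post or from AWS, the same log_fdw setup carried through to a queryable foreign table, preceded by the checks a defender would run on an RDS for PostgreSQL or Aurora PostgreSQL instance: which extensions the instance allows (the rds.extensions parameter mentioned above), who is a member of rds_superuser, and whether any untrusted procedural language is loadable. It assumes the connected role is a member of rds_superuser; the foreign table name `engine_log` is an assumption, and the log file name is a placeholder to be replaced with one returned by `list_postgres_log_files()`.

```sql
-- Added example; not from the original post. Assumes an RDS / Aurora
-- PostgreSQL instance and a role that is a member of rds_superuser.

-- 1. Inventory: engine version, whether log_fdw is already installed, and
--    the allow-list of extensions the instance accepts (rds.extensions).
SELECT version();
SELECT extname, extversion FROM pg_extension WHERE extname = 'log_fdw';
SHOW rds.extensions;

-- 2. Who holds rds_superuser? Membership in this role is what unlocks
--    log_fdw and the engine log, so review this list regularly.
SELECT r.rolname AS member
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.member
JOIN pg_roles g ON g.oid = m.roleid
WHERE g.rolname = 'rds_superuser'
ORDER BY 1;

-- 3. Confirm that only trusted procedural languages are installed
--    (lanpltrusted = false would indicate an untrusted language).
SELECT lanname, lanpltrusted FROM pg_language ORDER BY 1;

-- 4. The documented log_fdw flow: extension, foreign server, then one
--    foreign table over a single engine log file.
CREATE EXTENSION IF NOT EXISTS log_fdw;
CREATE SERVER IF NOT EXISTS log_server FOREIGN DATA WRAPPER log_fdw;

-- List the engine log files the instance currently holds.
SELECT file_name, file_size_bytes FROM list_postgres_log_files() ORDER BY 1;

-- Build the foreign table; the table name is an assumption and the file
-- name is a placeholder taken from the listing above.
SELECT create_foreign_table_for_log_file(
    'engine_log',
    'log_server',
    'postgresql.log.<YYYY-MM-DD-HH>'
);

-- 5. Read the log through SQL. With the default (non-CSV) log format the
--    foreign table exposes one text column, log_entry; this pulls failed
--    password logins, a first signal worth alerting on.
SELECT log_entry
FROM engine_log
WHERE log_entry LIKE '%password authentication failed%'
ORDER BY 1;
```

If the instance logs in CSV format (log_destination set to csvlog), log_fdw splits each entry into the csvlog columns instead of a single log_entry column, and the last query should filter on the message column instead.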