Data Security, Risk Assessments/Management, Cloud Security, Security Architecture
Fixes issued for Amazon RDS bug
SecurityWeek reports that Amazon Web Services has issued updates to resolve an Amazon Relational Database Service vulnerability that could be exploited to leak internal credentials.
The Amazon RDS flaw was discovered by Lightspin researcher Gafnit Amiga within the Aurora PostgreSQL engine's "log_fdw" extension, which provides a SQL interface for accessing database engine logs and creating foreign tables. Threat actors could leverage the flaw to evade the log_fdw extension's validation and access files containing internal credentials, as well as other system files, according to Amiga, who reported the flaw last December. However, AWS stressed that the credentials exposed could not be leveraged to impact other customers or clusters. "No cross-customer or cross-cluster access was possible; however, highly privileged local database users who could exercise this issue could potentially have gained additional access to data hosted in their cluster or read files within the operating system of the underlying host running their database," said AWS.