Researchers have discovered a high-severity vulnerability in PostgreSQL’s PL/Perl trusted language extension that could allow attackers to execute arbitrary code. The flaw, tracked as CVE-2024-10979, received a CVSS score of 8.8.
CVE-2024-10979
- Vulnerability Type: Environment variable manipulation in PostgreSQL PL/Perl.
- Impact: Arbitrary code execution capability.
- Affected Versions: all releases before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 and 12.21.
Technical Details
PostgreSQL's trusted PL/Perl implementation has a vulnerability that allows unprivileged database users to change sensitive process environment variables such as PATH. What makes this dangerous is that an attacker can exploit it from an ordinary database session, with no need for operating-system access.
Timeline
- Discovery: Reported by Varonis researchers Tal Peleg and Coby Abrams.
- Fix Release: November 14, 2024
- Public Disclosure: November 15, 2024
Attack Vector
Threat actors can:
- Modify environment variables.
- Manipulate the PATH to execute arbitrary code.
- Execute queries to retrieve system data.
- Potentially escalate privileges.
To identify potentially vulnerable functions, run:
SELECT proname, prosrc
FROM pg_proc
WHERE prolang = (SELECT oid FROM pg_language WHERE lanname = 'plperl')
  AND prosrc LIKE '%$ENV{%';
Mitigation Steps
- Update to the latest minor version of PostgreSQL
- Review and restrict CREATE EXTENSION permissions
- Limit shared_preload_libraries to required extensions only
Keep in mind that these are immediate actions to put the fire out. In the long run, one of the best mitigations for this class of attack vector is applying the principle of least privilege to CREATE FUNCTION permissions. And of course, monitoring and alerting do wonders!
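As an added example that is not part of the original post, the script below puts the least-privilege advice into practice: it checks the server version, shows who may use the plperl language, restricts USAGE to a single role, and inventories existing PL/Perl functions by owner. It assumes a superuser session on a cluster where plperl is installed; the role name plperl_devs is a hypothetical placeholder.

```sql
-- Added example, not from the original post. Assumes a superuser session on
-- a PostgreSQL 12+ cluster with the plperl extension installed.

-- 1. Confirm the server runs a fixed minor release
--    (17.1, 16.5, 15.9, 14.14, 13.17 or 12.21).
SELECT current_setting('server_version') AS server_version;

-- 2. Who may create trusted PL/Perl functions? A NULL lanacl means default
--    privileges, which for a trusted language grant USAGE to PUBLIC,
--    i.e. to every database user.
SELECT lanname, lanpltrusted, lanacl
FROM pg_language
WHERE lanname IN ('plperl', 'plperlu');

-- 3. Least privilege: stop arbitrary users from creating PL/Perl functions,
--    grant USAGE only to an approved role (hypothetical name: plperl_devs),
--    and stop unprivileged users from creating objects in the public schema.
REVOKE USAGE ON LANGUAGE plperl FROM PUBLIC;
CREATE ROLE plperl_devs NOLOGIN;
GRANT USAGE ON LANGUAGE plperl TO plperl_devs;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 4. Inventory: every PL/Perl function with its schema and owner, flagging
--    bodies that touch %ENV (the post's query, extended with owner/schema)
--    so existing code can be reviewed.
SELECT n.nspname                    AS schema_name,
       p.proname                    AS function_name,
       r.rolname                    AS owner,
       p.prosrc LIKE '%$ENV{%'      AS touches_env
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles     r ON r.oid = p.proowner
WHERE l.lanname = 'plperl'
ORDER BY touches_env DESC, schema_name, function_name;
```

Run step 2 again after step 3 to confirm lanacl no longer includes PUBLIC; a function that shows touches_env = true is not necessarily malicious, but it is the one to read first.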
Network Security Architecture
To address this vulnerability, it’s necessary to deploy strong network segmentation in order to separate database servers and enforce Zero Trust for database access.
While Zero Trust is a bit complex to set everywhere, you can leverage this concept step by step.
This requires explicitly verifying every connection, strictly limiting access based on minimum privileges, and continuously monitoring database operations to address potential security issues.
Container & Infrastructure Security
PostgreSQL security can be enhanced by combining well-configured SELinux or AppArmor profiles with routine IaC security scans to detect vulnerabilities prior to deployment.
Monitoring & Detection Strategy
As mentioned previously, monitoring is essential. A thorough monitoring strategy should prioritize DAM (database activity monitoring) solutions to detect suspicious modifications to environment variables, unusual patterns in PL/Perl function creation, and potential privilege escalations.
Stay Safe!