CyberWire Daily

A fine pearl gone rusty. [Research Saturday]

Nov 8, 2025
Tal Peleg is a Senior Product Manager at Varonis specializing in security research, and Coby Abrams is a cybersecurity researcher who did essential analysis on the Rusty Pearl vulnerability. They discuss remote code execution in Postgres, walking through a specific flaw that could lead to data theft, and the security practices it points to: timely patching and careful management of cloud database environments. They also share insights from their DEF CON presentations, emphasizing proactive data hygiene in the cloud.
ANECDOTE

SQL Injection Led To Deep Postgres Probe

  • Tal found a major SQL injection while auditing a ticketing system and set up a Postgres instance on AWS RDS to explore impact.
  • He discovered the RDS administrative user lacked superuser privileges, prompting searches for privilege escalation via extensions.
INSIGHT

Extensions Multiply Attack Surface

  • Extensions are less-tested attack surfaces compared with core Postgres and can expose unexpected interactions.
  • Third-party or seldom-used extensions may introduce vulnerabilities not covered by core database audits.
ANECDOTE

Perl Extension Exposed Environment Variables

  • Tal inspected the PL/Perl language extension and found that it exposed Perl's %ENV hash, a magic variable whose writes go straight to the server process's environment variables.
  • He confirmed that a function written in the trusted Perl language could edit environment variables, a privileged operation normally reserved for superusers.
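The snips above describe the setup (a non-superuser RDS account, an extension-heavy attack surface, and a trusted PL/Perl interpreter that writes through to the backend's environment). The following is an added example, not code from the episode or from Varonis: a set of read-only checks a DBA can run to see how much of that setup applies to their own instance, plus a small probe function. The function name `env_probe` and the marker variable name are arbitrary choices for this example.

```sql
-- Added example (not from the episode): gauge exposure to the path described above.

-- 1. Is the connecting role a real superuser? On RDS the master user is a member
--    of rds_superuser, not a true superuser, so extension-based escalation is
--    what an attacker in that position goes looking for.
SELECT rolname, rolsuper
FROM pg_roles
WHERE rolname = current_user;

-- 2. Inventory the extension attack surface: which extensions are installed, and
--    which procedural languages are marked "trusted" (creatable by non-superusers).
SELECT extname, extversion
FROM pg_extension
ORDER BY extname;

SELECT lanname, lanpltrusted
FROM pg_language
WHERE lanispl;

-- 3. Probe whether trusted PL/Perl lets a function write the backend's environment
--    through Perl's %ENV hash. plperl is a trusted extension, so a role with CREATE
--    on the database can install it without superuser rights.
CREATE EXTENSION IF NOT EXISTS plperl;

-- env_probe is a name chosen for this example, not something the episode names.
CREATE OR REPLACE FUNCTION env_probe(name text, val text)
RETURNS text
LANGUAGE plperl
AS $$
    my ($name, $val) = @_;
    # Assigning to %ENV is Perl's way of calling setenv() in the running process,
    # here the Postgres backend serving this session.
    eval { $ENV{$name} = $val; };
    return "blocked: $@" if $@;
    my $seen = defined $ENV{$name} ? $ENV{$name} : '<unset>';
    return "set: $name=$seen";
$$;

SELECT env_probe('ENV_PROBE_MARKER', 'hello');

DROP FUNCTION env_probe(text, text);
```

If the final SELECT returns `set: ENV_PROBE_MARKER=hello`, any role allowed to create plperl functions can change the environment of the server process, which is the behaviour the episode describes; if it returns `blocked: ...` or the value does not stick, the interpreter is refusing the write. The probe shows only the write itself: which variables matter downstream depends on what else the backend loads or executes, and that part of the chain is not detailed in the snips above.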