JANUARY 2021 |
Sudo Privilege Escalation affecting WALLIX Products – CVE-2021-3156
SUMMARY

The Qualys Research Team has discovered a heap overflow vulnerability in sudo (CVE-2021-3156), any local unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration by exploiting this vulnerability.

sudo can only be exploited locally. This means that either :

  • The user is connected on the WALLIX Bastion, through the wabadmin account, on the administration interface. This user can then exploit sudo to become root and bypass all securities of WALLIX Bastion
  • A Remote Code Exploitation (RCE) vulnerability exists in another piece of WALLIX software or third party, that will provides a local shell. After successfully exploiting this vulnerability, the attacker will be able to exploit sudo to become root. To WALLIX knowledge, an up-to-date Bastion does not have such vulnerability

 

Affected Products
  • All versions prior to WALLIX Bastion 8.0.6 (included)
  • All versions 8.1 and 8.2
Workarounds

There is no workaround to this vulnerability

 

Fixed Software

This vulnerability is fixed from the WALLIX Bastion 8.0.7 on, and 7.0.14  on.

  • A Fix Patch is available for version 8.0.6 and before (it applies for 8.1 and 8.2 versions)
  • A Fix patch is available for version 7.0.13 and before

 

These elements are available on our download site : WALLIX Support: Patches

 

Exploitation and Public Announcements

WALLIX is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

On January 26, 2021, Qualys publicly disclosed this vulnerability in a security bulletin at the following link: https://blog.qualys.com

OCTOBER 2018 |
libssh Authentication Bypass Vulnerability Affecting WALLIX Products
SUMMARY

• A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.

The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass

Affected Products

Affected Products are all versions of WALLIX Bastion

Workarounds

As this impacts only configuration with SSH public key authentication on primary accounts, a workaround is to remove the public keys and use another authentication method (Password, X509, etc…)

Fixed Software

This vulnerability is fixed in the latest supported versions of our software that are available on our download site.

Exploitation and Public Announcements

• WALLIX is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

• On October 16, 2018, libssh.org publicly disclosed this vulnerability in a security bulletin at the following link: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/