Tanium was recently made aware of a scripting vulnerability exposed by four Sensor scripts imported by the Tanium Console during the Tanium Platform installation process. The vulnerability can be exploited on any version of the Tanium Platform running the vulnerable Sensors, and can be fixed by updating the affected Sensor scripts as described below. The vulnerability found in the four Sensors only applies to Linux, Mac, and Unix clients.
The vulnerability stems from an insecure temporary file creation process used by these Sensors. When the Sensors are deployed on Linux, Mac or Unix systems, non-privileged users can overwrite arbitrary files. The attack must coincide with a legitimate Tanium operator asking a Question using one of the affected Sensors:
- Established Connections
- Established Ports by Application
- Listen Ports
- Tanium Client Subnet
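For teams reviewing their own custom Sensor scripts for the same class of flaw, the following added example contrasts a weak temporary-file pattern with a hardened one; it is not Tanium's Sensor code, which this advisory does not show. It assumes the weak form writes to a predictable name in a shared directory, and all function and file names are hypothetical.

```shell
#!/bin/sh
# Added example; not Tanium Sensor code. File names are hypothetical.

# Weak pattern (assumed, general class): predictable name in a shared
# directory. The redirection follows a pre-existing symlink at that path and
# truncates whatever it points to, with the privileges of the script.
write_predictable() {            # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/sensor_output.tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively (O_CREAT|O_EXCL, mode 0600), so it never reuses an existing path.
write_with_mktemp() {            # $1 = directory, $2 = data; prints new path
    tmp=$(mktemp "$1/sensor_output.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Self-check in a throwaway sandbox: a link is pre-planted at the predictable
# path, pointing at a stand-in "protected" file (constructed sample data).
# Prints the protected file's content after the chosen writer has run.
check_writer() {                 # $1 = write_predictable | write_with_mktemp
    box=$(mktemp -d) || return 1
    mkdir "$box/shared"
    printf 'original\n' > "$box/protected"
    ln -s "$box/protected" "$box/shared/sensor_output.tmp"
    "$1" "$box/shared" "sensor data" > /dev/null
    cat "$box/protected"
    rm -rf "$box"
}
```

Running `check_writer write_with_mktemp` leaves the stand-in protected file unchanged, while `check_writer write_predictable` shows it replaced by the script's output.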
Tanium strongly advises customers to take immediate action and perform a content upgrade. Customers using version 6.2 or 6.5 of the Tanium Platform can import the content XML file linked below into the Tanium Console Authoring tab to patch the affected Sensors. Customers using version 6.5 can alternatively perform an upgrade of Initial Content to version 6.5.1.0011 or later using the solution import capability in the Solutions authoring tab in the Tanium Console to update the Sensors.
Sensor Standalone Update:
No upgrade of the Tanium Platform (including the Tanium Server, Tanium Console, and Tanium Client) is required to close this vulnerability.
Customers may contact Tanium at email@example.com, visit our Support Portal at http://support.tanium.com, or contact an assigned Technical Account Manager for additional information or clarification on content upgrade steps.