Improper Access Control Affecting govulncheck-vulndb package, versions <0.0.20250207T224745-150000.1.32.1


Severity

Recommended
high

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.04% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Improper Access Control vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-SLES156-GOVULNCHECKVULNDB-8715737
  • published12 Feb 2025
  • disclosed11 Feb 2025

Introduced: 11 Feb 2025

NewCVE-2024-35177  (opens in a new tab)
CWE-284  (opens in a new tab)

How to fix?

Upgrade SLES:15.6 govulncheck-vulndb to version 0.0.20250207T224745-150000.1.32.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream govulncheck-vulndb package and not the govulncheck-vulndb package as distributed by SLES. See How to fix? for SLES:15.6 relevant fixed versions and status.

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLL that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g,: C:\wazuh). Many DLLs are loaded from the installation folder and by creating a malicious DLLs that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.