Questions and Answers regarding ADV-2017-013: Privilege escalation in Tableau Server

Version 1

    The following contains more details regarding the security bulletin ADV-2017-013: Unauthenticated privilege escalation when Server SAML is configured on Tableau Server

     

    Below are details on:

    • How to check if your system is vulnerable
    • The recommended fix
    • How to mitigate the vulnerability

     

    How do I know if my system is vulnerable?

     

    All of the three following conditions must be true:

    Condition #1 - You are running a vulnerable version of Tableau Server.

    Vulnerable Versions: 10.0.0 (through 10.0.10), 10.1.0 (through 10.1.8), 10.2.0 (through 10.2.2), 10.3.0

    Condition #2 - Server SAML is enabled in your organization

    1. Open Tableau Server Configuration Utility: All Programs > Tableau Server > Configure Tableau Server.
    2. In Tableau Server Configuration, click the SAML tab.

    If the dropdown option is set to either "SAML authentication for the server" or "SAML authentication for server and for sites", then you may be vulnerable. See Condition #3 below to verify the authentication method.


    Important: If the dropdown option is set to either "No SAML authentication" or "Site-specific SAML authentication only", then your deployment is not vulnerable. You do not need to perform any mitigation or upgrade procedures.

    Condition #3 - Your deployment is configured for Local Authentication

    1. Open Tableau Server Configuration Utility: All Programs > Tableau Server > Configure Tableau Server.
    2. On the General tab, in the User Authentication box, determine which authentication method your deployment is configured for.


    If Use Local Authentication is selected, and you are running Server SAML as indicated above, then your deployment is vulnerable. Run the mitigation steps or upgrade to the latest version of Tableau Server as soon as possible.

    If Use Active Directory is selected, then your deployment is not vulnerable. You do not need to perform any mitigation or upgrade procedures.

     

    What is the recommended fix?

     

    Upgrade to one of the following Tableau Server versions:

    Tableau Server: 10.0.11

    Tableau Server: 10.1.9

    Tableau Server: 10.2.3

    Tableau Server: 10.3.1

     

    Is there a mitigation?

     

    If your organization is affected by this vulnerability and you are unable to upgrade to a fixed version now, then follow the steps below to run the script that is attached to the Security Bulletin.

    You must run this mitigation procedure again if you add new users before upgrading to a non-vulnerable version of Tableau Server.

     

    Before you begin:

    • Back up your Tableau Server deployment according to your normal backup routine. Be sure to back up configuration and user/content data. See Back up Tableau Server Data.
    • Tableau Server must be running during the mitigation steps.
    • If you are running a distributed deployment of Tableau Server, run the attached script on the node where the active Repository is running.
    • The account running the following script must be a member of the local administrators group on the Tableau Server host.

     

    Mitigation:

    1. Download psql_ADV-2017-013.cmd.txt, which is included with the Security Bulletin, and copy it to the "Tableau Server" directory on the computer running Tableau Server. By default, the "Tableau Server" directory is at this path:

    C:\Program Files\Tableau\Tableau Server

    2. Remove the .txt extension from the file name. The resulting file name should be psql_ADV-2017-013.cmd.

    3. Right-click Windows Command Prompt and then click "Run as administrator."

    4. In the Command Prompt, navigate to the directory where you saved psql_ADV-2017-013.cmd. For example, run the following command:

    cd "C:\Program Files\Tableau\Tableau Server"

    5. Enter the following command to run the script:

    psql_ADV-2017-013.cmd > log.txt

    The command window where the script is executed will close automatically when the script ends. The window closes quickly in both success and failure scenarios so that the contents of the window, which may contain database secrets, are not visible.

    Verify that the script completed and confirm success or failure:

    • Open log.txt. The file is created in the same directory where you ran the script, for example C:\Program Files\Tableau\Tableau Server\log.txt.
    • Scroll to the bottom of the log file.
    • Success: if you see a date stamp followed by a "Script completed" entry, the script completed successfully.
    • Failure: if you see a date stamp followed by an "Exiting script before completion" entry, the script did not complete successfully. Please contact Tableau Support.
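    As an added example (not code from the bulletin, and not the attached psql_ADV-2017-013.cmd), the following PowerShell helpers script the parts of this page that can be checked without the Configuration Utility: the version ranges of Condition #1 together with the fixed releases listed under "What is the recommended fix?", the local administrator prerequisite from "Before you begin", and the log.txt verification at the end of the mitigation. The function names are this example's own, and the installed version is passed in as a string because the page does not say where to read it programmatically. Conditions #2 and #3 (Server SAML and Local Authentication) still have to be confirmed in the Configuration Utility as described above.

```powershell
# Added example, not part of the Tableau bulletin or of psql_ADV-2017-013.cmd:
# helper functions for triaging ADV-2017-013 on a Tableau Server host.
# The version ranges, fixed releases, default install path and log markers
# come from the bulletin text; the function names and the convention of
# passing the installed version in as a string are this example's assumptions.

# Each affected branch is vulnerable from its first release up to, but not
# including, the release that fixes it (10.0.0-10.0.10 -> 10.0.11, and so on).
$script:Adv2017013Branches = @(
    @{ First = [version]'10.0.0'; Fixed = [version]'10.0.11' },
    @{ First = [version]'10.1.0'; Fixed = [version]'10.1.9'  },
    @{ First = [version]'10.2.0'; Fixed = [version]'10.2.3'  },
    @{ First = [version]'10.3.0'; Fixed = [version]'10.3.1'  }
)

function Get-Adv2017013VersionStatus {
    # Condition #1: is this Tableau Server version in a vulnerable range, and
    # if so, which fixed release should it be upgraded to?
    param([Parameter(Mandatory = $true)][string]$Version)

    $v = [version]$Version
    foreach ($branch in $script:Adv2017013Branches) {
        if ($v -ge $branch.First -and $v -lt $branch.Fixed) {
            return [pscustomobject]@{
                Version    = $v
                Vulnerable = $true
                UpgradeTo  = $branch.Fixed
            }
        }
    }
    # Anything outside the listed branches (older than 10.0, a fixed release,
    # or a later branch) is not in the bulletin's vulnerable list.
    return [pscustomobject]@{ Version = $v; Vulnerable = $false; UpgradeTo = $null }
}

function Test-LocalAdministrator {
    # "Before you begin" requires a local administrator. With UAC this is only
    # true in an elevated session, which is what "Run as administrator" gives
    # the Command Prompt in step 3 of the mitigation.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-Adv2017013MitigationLog {
    # Reads the tail of the log.txt written by "psql_ADV-2017-013.cmd > log.txt"
    # and classifies the outcome by the two markers the bulletin documents.
    param([string]$LogPath = 'C:\Program Files\Tableau\Tableau Server\log.txt')

    if (-not (Test-Path -LiteralPath $LogPath)) {
        return [pscustomobject]@{ Result = 'Missing'; Detail = "No log file at $LogPath" }
    }
    # Wrap in @() so a one-line log is still an array, then scan from the end,
    # since the bulletin says the completion entry is at the bottom of the file.
    $tail = @(Get-Content -LiteralPath $LogPath -Tail 20)
    for ($i = $tail.Count - 1; $i -ge 0; $i--) {
        if ($tail[$i] -match 'Script completed') {
            return [pscustomobject]@{ Result = 'Success'; Detail = $tail[$i] }
        }
        if ($tail[$i] -match 'Exiting script before completion') {
            return [pscustomobject]@{ Result = 'Failure'; Detail = $tail[$i] }
        }
    }
    return [pscustomobject]@{ Result = 'Unknown'; Detail = 'Neither completion marker found in the last 20 lines' }
}

# Usage. The version string below is a constructed sample; on a real host take
# it from the Tableau Server Configuration Utility or the installed product.
Get-Adv2017013VersionStatus -Version '10.2.2' | Format-List
if (-not (Test-LocalAdministrator)) {
    Write-Warning 'Not running as a local administrator; rerun from an elevated session before the mitigation.'
}
Test-Adv2017013MitigationLog | Format-List
```

    A "Failure" or "Unknown" result from Test-Adv2017013MitigationLog means the mitigation has not been applied; per the bulletin, contact Tableau Support rather than re-running the script blindly, and remember that a successful run must be repeated whenever new users are added before the upgrade.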