Veritas-bu

Re: [Veritas-bu] Unquoted path vulnerability

2013-05-07 16:54:01
Subject: Re: [Veritas-bu] Unquoted path vulnerability
From: "Preston, Douglas" <dlpreston AT lereta DOT com>
To: "'Reynolds, Susan K.'" <SUSAN.K.REYNOLDS AT saic DOT com>, "'veritas-bu AT mailman.eng.auburn DOT edu'" <veritas-bu AT mailman.eng.auburn DOT edu>
Date: Tue, 7 May 2013 13:53:48 -0700
I went through and updated all my registry entries that had
C:\Program Files\ to C:\Progra~1\
This fixes the issue. I run on a 32-bit OS; on a 64-bit OS the 1 in progra~1
may be a different number.

The real problem is that a person could create a folder called Program and
load an executable called Fileswhatever in there and the path of the service
not being quoted may look in c:\Program\ instead of "c:\Program Files\"

Doug Preston

-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Reynolds, Susan K.
Sent: Tuesday, May 07, 2013 1:45 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Unquoted path vulnerability

Has anyone heard of this being a security issue before:


+++

The remote Windows host has at least one service installed that uses an
unquoted service path, which contains at least one whitespace.  A local
attacker could gain elevated privileges by inserting an executable file in
the path of the affected service.

Ensure that any services that contain a space in the path enclose the path
in quotes.

Nessus found the following service with an untrusted path:
  NetBackup INET Daemon : C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe

+++
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Attachment: smime.p7s
Description: S/MIME cryptographic signature
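The check and the fix discussed in the thread, as an added PowerShell example that is not from the list, from Veritas or from Tenable. It walks HKLM\SYSTEM\CurrentControlSet\Services, reports every ImagePath that is unquoted and contains a space, lists the files CreateProcess would try before the intended one (for C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe that is C:\Program.exe), checks whether the usual low-privileged groups can create files in those directories, and with -Fix rewrites the value with the executable in quotes, which is the remediation the Nessus text asks for. The function names, the -Fix switch and the choice of groups treated as low-privileged are this example's own assumptions. Run it from an elevated PowerShell session.

```powershell
# Added example, not code from the thread, from Veritas or from Tenable.
# Run elevated; -Fix writes under HKLM.

function Test-WritableByUsers {
    param([string]$Directory)
    # Groups a local, non-admin attacker is assumed to belong to.
    $lowPriv = 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone'
    $createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
    try { $acl = Get-Acl -Path $Directory -ErrorAction Stop } catch { return $false }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $lowPriv -contains $ace.IdentityReference.Value -and
            (([int]$ace.FileSystemRights -band $createFiles) -ne 0)) {
            return $true
        }
    }
    return $false
}

function Get-UnquotedServicePath {
    [CmdletBinding()]
    param([switch]$Fix)

    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $imagePath = (Get-ItemProperty -Path $key.PSPath -Name ImagePath `
                        -ErrorAction SilentlyContinue).ImagePath
        if (-not $imagePath) { continue }
        $imagePath = $imagePath.Trim()

        # A value that already starts with a quote is not affected.
        if ($imagePath.StartsWith('"')) { continue }

        # Split the executable from its arguments at the first ".exe".
        $m = [regex]::Match($imagePath, '^(.*?\.exe)', 'IgnoreCase')
        if (-not $m.Success) { continue }
        $exe  = $m.Groups[1].Value
        $rest = $imagePath.Substring($exe.Length)
        if ($exe -notmatch ' ') { continue }

        # CreateProcess tries each prefix that ends at a space, with ".exe"
        # appended, before it reaches the intended file.
        $expanded   = [Environment]::ExpandEnvironmentVariables($exe)
        $candidates = @()
        $idx = $expanded.IndexOf(' ')
        while ($idx -ge 0) {
            $candidates += ($expanded.Substring(0, $idx) + '.exe')
            $idx = $expanded.IndexOf(' ', $idx + 1)
        }
        $exposed = $candidates | Where-Object {
            Test-WritableByUsers -Directory (Split-Path -Path $_ -Parent)
        }

        [pscustomobject]@{
            Service         = $key.PSChildName
            ImagePath       = $imagePath
            Candidates      = $candidates
            WritableByUsers = @($exposed)
        }

        if ($Fix) {
            # Keep the value as written (environment variables and arguments
            # included) and its registry type; only add quotes around the exe.
            $kind = $key.GetValueKind('ImagePath')
            Set-ItemProperty -Path $key.PSPath -Name ImagePath -Type $kind `
                -Value ('"{0}"{1}' -f $exe, $rest)
        }
    }
}

# Report only:
Get-UnquotedServicePath | Format-List
# Quote every affected ImagePath:
# Get-UnquotedServicePath -Fix
```

A finding is only exploitable by a local user when one of the listed candidate directories is writable by that user; on a default install C:\ is not, but application directories often are, which is what the WritableByUsers column is for. Rewriting the path with an 8.3 short name, as done earlier in the thread, also removes the space, but it depends on short-name generation being enabled on that volume (`fsutil 8dot3name query C:`), so quoting the value is the portable fix.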