Veritas-bu

Re: [Veritas-bu] Unquoted path vulnerability

2013-05-07 17:00:04
Subject: Re: [Veritas-bu] Unquoted path vulnerability
From: "Reynolds, Susan K." <SUSAN.K.REYNOLDS AT saic DOT com>
To: "Preston, Douglas" <dlpreston AT lereta DOT com>, <veritas-bu AT mailman.eng.auburn DOT edu>
Date: Tue, 7 May 2013 16:59:46 -0400
Interesting...thank you Doug.

-----Original Message-----
From: Preston, Douglas [mailto:dlpreston AT lereta DOT com] 
Sent: Tuesday, May 07, 2013 4:54 PM
To: Reynolds, Susan K.; 'veritas-bu AT mailman.eng.auburn DOT edu'
Subject: RE: Unquoted path vulnerability

I went through and updated all my registry entries that had
C:\Program Files\ to C:\Progra~1\
This fixes the issue. I run on a 32-bit OS; on a 64-bit OS the 1 in
progra~1 may be a different number.

The real problem is that a person could create a folder called Program
and load an executable called Fileswhatever in there, and since the path
of the service is not quoted it may look in c:\Program\ instead of
"c:\Program Files\"

Doug Preston

-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Reynolds, Susan K.
Sent: Tuesday, May 07, 2013 1:45 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Unquoted path vulnerability

Has anyone heard of this being a security issue before:

+++

The remote Windows host has at least one service installed that uses an
unquoted service path, which contains at least one whitespace. A local
attacker could gain elevated privileges by inserting an executable file in
the path of the affected service.

Ensure that any services that contain a space in the path enclose the path
in quotes.

Nessus found the following service with an untrusted path:
  NetBackup INET Daemon : C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe

+++
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
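An added example, not from this thread nor from Veritas/NetBackup, that applies the check behind the Nessus finding to sample ImagePath values: it flags unquoted executables whose path contains a space, lists the shorter paths the loader would probe first, and produces the quoted value the scanner output recommends. The service entries are constructed sample data; reading the real values from the registry is assumed to be done separately.

```python
import re

# Constructed sample ImagePath values, shaped like HKLM\SYSTEM\CurrentControlSet\
# Services\<name>\ImagePath data (not real registry output).
SAMPLE_SERVICES = {
    "NetBackup INET Daemon": r"C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe",
    "Quoted Service": r'"C:\Program Files\Vendor\svc.exe" -run',
    "Short Name Service": r"C:\Progra~1\Veritas\NetBackup\bin\bpinetd.exe",
    "System Service": r"C:\Windows\system32\svchost.exe -k netsvcs",
}
_EXE_RE = re.compile(r"^(.*?\.exe)(\s.*)?$", re.IGNORECASE | re.DOTALL)

def parse_image_path(image_path):
    """Split an ImagePath into (executable, arguments, was_quoted). A leading quote
    delimits the executable; an unquoted value is cut at the first '.exe' (heuristic)."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in ImagePath: %r" % image_path)
        return value[1:end], value[end + 1:].strip(), True
    match = _EXE_RE.match(value)
    if not match:
        raise ValueError("no .exe found in ImagePath: %r" % image_path)
    return match.group(1), (match.group(2) or "").strip(), False

def probe_candidates(exe):
    """Paths the loader tries in order for an unquoted executable with spaces: each
    space-delimited prefix with '.exe' appended, then the full path (per the
    CreateProcess documentation). The early candidates are what the finding warns about."""
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))] + [exe]

def needs_quoting(image_path):
    exe, _args, quoted = parse_image_path(image_path)
    return not quoted and " " in exe

def quote_image_path(image_path):
    """Return the corrected value: executable wrapped in quotes, arguments kept."""
    exe, args, _quoted = parse_image_path(image_path)
    return '"%s"' % exe + (" " + args if args else "")

def audit(services):
    """Return [(name, original, fixed, candidates)] for each vulnerable entry."""
    findings = []
    for name, path in services.items():
        if needs_quoting(path):
            exe = parse_image_path(path)[0]
            findings.append((name, path, quote_image_path(path), probe_candidates(exe)))
    return findings
```

The "Short Name Service" entry shows why the Progra~1 workaround from Doug's reply passes the check: the 8.3 short name removes the space, whereas quoting keeps the long path and is the fix the scanner text asks for.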