Re: [Veritas-bu] Unquoted path vulnerability
2013-05-07 19:53:24
We've ran into this on some other servers. Double-quoting the entire path was
our solution.
--------------------------------------------
Jason Brooks
Sr. Computer Systems Engineer
Longwood University
201 High St Farmville, VA 23909
<mailto:brooksje AT longwood DOT edu>
Voice: 434-395-2034
________________________________________
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu [veritas-bu-bounces AT
mailman.eng.auburn DOT edu] On Behalf Of Lightner, Jeff [JLightner AT water DOT
com]
Sent: Tuesday, May 07, 2013 5:02 PM
To: Preston, Douglas; 'Reynolds, Susan K.'; 'veritas-bu AT mailman.eng.auburn
DOT edu'
Subject: Re: [Veritas-bu] Unquoted path vulnerability
Looks like this document disucsses the exploit in general.
http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/sc-report-files/Microsoft%20Windows%20Unquoted%20Service%20Path%20Enumeration.pdf
It appears someone solved a similar issue as described here:
http://splunk-base.splunk.com/answers/69268/the-remote-windows-host-has-at-least-one-service-installed-that-uses-an-unquoted-service-path
Based on what is written in that latter it appears you might be able to solve
this more specifically by searching in your registry for the INET/Netbackup
thing it is complaining about and putting double quotes around it rather than
the hack suggested below.
-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Preston,
Douglas
Sent: Tuesday, May 07, 2013 4:54 PM
To: 'Reynolds, Susan K.'; 'veritas-bu AT mailman.eng.auburn DOT edu'
Subject: Re: [Veritas-bu] Unquoted path vulnerability
I went through and updated all my registry entries that had C:\Program Files\
to C:\Progra~1\ This fixes the issue. I run on a 32 bit OS, on a 64bit OS the
1 in progra~1 may be a different number.
The real problem is that a person could create a folder called Program and load
an executable called Fileswhatever in there and the path of the service not
being quoted may look in c:\Program\ instead of "c:\Program Files\"
Doug Preston
-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of
Reynolds, Susan K.
Sent: Tuesday, May 07, 2013 1:45 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Unquoted path vulnerability
Has anyone heard of this being a security issue before:
+++
The remote Windows host has at least one service installed that uses an
unquoted service path, which contains at least one whitespace. A local
attacker could gain elevated privileges by inserting an executable file in the
path of the affected service.
Ensure that any services that contain a space in the path enclose the path in
quotes.
Nessus found the following service with an untrusted path:
NetBackup INET Daemon : C:\Program
Files\Veritas\NetBackup\bin\bpinetd.exe
+++
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Athena(r), Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer
---------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential
information and is for the sole use of the intended recipient(s). If you are
not the intended recipient, any disclosure, copying, distribution, or use of
the contents of this information is prohibited and may be unlawful. If you have
received this electronic transmission in error, please reply immediately to the
sender that you have received the message in error, and delete it. Thank you.
----------------------------------
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
|
|