Veritas-bu
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Veritas-bu] Unquoted path vulnerability

2013-05-07 16:45:20
Subject: [Veritas-bu] Unquoted path vulnerability
From: "Reynolds, Susan K." <SUSAN.K.REYNOLDS AT saic DOT com>
To: <veritas-bu AT mailman.eng.auburn DOT edu>
Date: Tue, 7 May 2013 16:45:05 -0400 
Has anyone heard of this being a security issue before:


+++

The remote Windows host has at least one service installed that uses an
unquoted service path, which contains at least one whitespace.  A local
attacker could gain elevated privileges by inserting an executable file
in the path of the affected service.

Ensure that any services that contain a space in the path enclose the
path in quotes.

Nessus found the following service with an untrusted path: 
  NetBackup INET Daemon : C:\Program
Files\Veritas\NetBackup\bin\bpinetd.exe

+++
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Veritas-bu] NetBackup 6.5.6 client update script, Ken Olstad
Next by Date:  Re: [Veritas-bu] Unquoted path vulnerability, Preston, Douglas
Previous by Thread:  Re: [Veritas-bu] NDMP/isilon throughput question, Anurag Sharma
Next by Thread:  Re: [Veritas-bu] Unquoted path vulnerability, Preston, Douglas
Indexes:  [Date] [Thread] [Top] [All Lists]