|
Re: [Veritas-bu] Unquoted path vulnerability
2013-05-07 17:04:49
Thank you Jeff.
-----Original Message-----
From: Lightner, Jeff [mailto:JLightner AT water DOT com]
Sent: Tuesday, May 07, 2013 5:02 PM
To: Preston, Douglas; Reynolds, Susan K.;
'veritas-bu AT mailman.eng.auburn DOT edu'
Subject: RE: Unquoted path vulnerability
Looks like this document disucsses the exploit in general.
http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/sc-rep
ort-files/Microsoft%20Windows%20Unquoted%20Service%20Path%20Enumeration.
pdf
It appears someone solved a similar issue as described here:
http://splunk-base.splunk.com/answers/69268/the-remote-windows-host-has-
at-least-one-service-installed-that-uses-an-unquoted-service-path
Based on what is written in that latter it appears you might be able to
solve this more specifically by searching in your registry for the
INET/Netbackup thing it is complaining about and putting double quotes
around it rather than the hack suggested below.
-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Preston,
Douglas
Sent: Tuesday, May 07, 2013 4:54 PM
To: 'Reynolds, Susan K.'; 'veritas-bu AT mailman.eng.auburn DOT edu'
Subject: Re: [Veritas-bu] Unquoted path vulnerability
I went through and updated all my registry entries that had C:\Program
Files\ to C:\Progra~1\ This fixes the issue. I run on a 32 bit OS, on a
64bit OS the 1 in progra~1 may be a different number.
The real problem is that a person could create a folder called Program
and load an executable called Fileswhatever in there and the path of the
service not being quoted may look in c:\Program\ instead of "c:\Program
Files\"
Doug Preston
-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of
Reynolds, Susan K.
Sent: Tuesday, May 07, 2013 1:45 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Unquoted path vulnerability
Has anyone heard of this being a security issue before:
+++
The remote Windows host has at least one service installed that uses an
unquoted service path, which contains at least one whitespace. A local
attacker could gain elevated privileges by inserting an executable file
in the path of the affected service.
Ensure that any services that contain a space in the path enclose the
path in quotes.
Nessus found the following service with an untrusted path:
NetBackup INET Daemon : C:\Program
Files\Veritas\NetBackup\bin\bpinetd.exe
+++
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Athena(r), Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer
---------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or
confidential information and is for the sole use of the intended
recipient(s). If you are not the intended recipient, any disclosure,
copying, distribution, or use of the contents of this information is
prohibited and may be unlawful. If you have received this electronic
transmission in error, please reply immediately to the sender that you
have received the message in error, and delete it. Thank you.
----------------------------------
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
|
|
