We've ran into this on some other servers.  Double-quoting the entire path was our solution.
--------------------------------------------
Jason Brooks
Sr. Computer Systems Engineer
Longwood University
201 High St Farmville, VA 23909
<mailto:brooksje AT longwood DOT edu>
Voice: 434-395-2034
________________________________________
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu [veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Lightner, Jeff [JLightner AT water DOT com]
Sent: Tuesday, May 07, 2013 5:02 PM
To: Preston, Douglas; 'Reynolds, Susan K.'; 'veritas-bu AT mailman.eng.auburn DOT edu'
Subject: Re: [Veritas-bu] Unquoted path vulnerability

Looks like this document disucsses the exploit in general.

http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/sc-report-files/Microsoft%20Windows%20Unquoted%20Service%20Path%20Enumeration.pdf

It appears someone solved a similar issue as described here:
http://splunk-base.splunk.com/answers/69268/the-remote-windows-host-has-at-least-one-service-installed-that-uses-an-unquoted-service-path

Based on what is written in that latter it appears you might be able to solve this more specifically by searching in your registry for the INET/Netbackup thing it is complaining about and putting double quotes around it rather than the hack suggested below.





-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu [mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Preston, Douglas
Sent: Tuesday, May 07, 2013 4:54 PM
To: 'Reynolds, Susan K.'; 'veritas-bu AT mailman.eng.auburn DOT edu'
Subject: Re: [Veritas-bu] Unquoted path vulnerability

I went through and updated all my registry entries that had C:\Program Files\ to C:\Progra~1\ This fixes the issue.  I run on a 32 bit OS, on a 64bit OS the 1 in progra~1 may be a different number.

The real problem is that a person could create a folder called Program and load an executable called Fileswhatever in there and the path of the service not being quoted may look in c:\Program\ instead of "c:\Program Files\"

Doug Preston

-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Reynolds, Susan K.
Sent: Tuesday, May 07, 2013 1:45 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Unquoted path vulnerability

Has anyone heard of this being a security issue before:


+++

The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace.  A local attacker could gain elevated privileges by inserting an executable file in the path of the affected service.

Ensure that any services that contain a space in the path enclose the path in quotes.

Nessus found the following service with an untrusted path:
 NetBackup INET Daemon : C:\Program
Files\Veritas\NetBackup\bin\bpinetd.exe

+++
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu




Athena(r), Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer

---------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu