Thank you Jeff. -----Original Message----- From: Lightner, Jeff [mailto:jlight...@water.com] Sent: Tuesday, May 07, 2013 5:02 PM To: Preston, Douglas; Reynolds, Susan K.; 'veritas-bu@mailman.eng.auburn.edu' Subject: RE: Unquoted path vulnerability
Looks like this document disucsses the exploit in general. http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/sc-rep ort-files/Microsoft%20Windows%20Unquoted%20Service%20Path%20Enumeration. pdf It appears someone solved a similar issue as described here: http://splunk-base.splunk.com/answers/69268/the-remote-windows-host-has- at-least-one-service-installed-that-uses-an-unquoted-service-path Based on what is written in that latter it appears you might be able to solve this more specifically by searching in your registry for the INET/Netbackup thing it is complaining about and putting double quotes around it rather than the hack suggested below. -----Original Message----- From: veritas-bu-boun...@mailman.eng.auburn.edu [mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Preston, Douglas Sent: Tuesday, May 07, 2013 4:54 PM To: 'Reynolds, Susan K.'; 'veritas-bu@mailman.eng.auburn.edu' Subject: Re: [Veritas-bu] Unquoted path vulnerability I went through and updated all my registry entries that had C:\Program Files\ to C:\Progra~1\ This fixes the issue. I run on a 32 bit OS, on a 64bit OS the 1 in progra~1 may be a different number. The real problem is that a person could create a folder called Program and load an executable called Fileswhatever in there and the path of the service not being quoted may look in c:\Program\ instead of "c:\Program Files\" Doug Preston -----Original Message----- From: veritas-bu-boun...@mailman.eng.auburn.edu [mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Reynolds, Susan K. Sent: Tuesday, May 07, 2013 1:45 PM To: veritas-bu@mailman.eng.auburn.edu Subject: [Veritas-bu] Unquoted path vulnerability Has anyone heard of this being a security issue before: +++ The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker could gain elevated privileges by inserting an executable file in the path of the affected service. Ensure that any services that contain a space in the path enclose the path in quotes. Nessus found the following service with an untrusted path: NetBackup INET Daemon : C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe +++ _______________________________________________ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu Athena(r), Created for the Cause(tm) Making a Difference in the Fight Against Breast Cancer --------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ---------------------------------- _______________________________________________ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu