Windows Service contain spaces and are not encapsulated within quotes: #192
Comments
I did not think this was exploitable. But I can see it. @awiddersheim do you have time to look at this? @ossec think a fix to this should get pulled to stable before release.
This is a valid issue and will be labelled high risk with some security scanners. Lots of apps, including those like McAfee, have had this issue flagged. I don't necessarily agree that it is a high risk given that non-administrators usually don't have logon local rights, but it is what it is. The fix is easy.
I will try and fix tomorrow morning.
Thank you. I am not able to get online till Sunday maybe not Monday. Let me know if you cannot and I will go to Starbucks and patch
This seems to have already been fixed and I think @sercanacar might be looking at an older version. I found the fixing commit below which fixes the same thing @sercanacar reported: I installed The actual service installation and how it installs now does add quotes around the string here: https://github.com/ossec/ossec-hids/blob/master/src/win32/win_agent.c#L106 This is before the
@sercanacar You should be able to download the http://www.ossec.net/?page_id=19 This should fix the issue. Please report back if not.
FYI, the Nessus plugin ID which flags this as a high risk finding is 63155. From the report: Synopsis: The remote Windows host has at least one service installed that uses Description Solution See Also Risk Factor: High CVSS Base Score CVSS Temporal Score Plugin Output CVE BID Xref Vulnerability Publication Date: 2012/09/15 Plugin Publication Date: 2012/12/05 Plugin Last Modification Date: 2014/03/19 Public Exploit Available: True Exploitable With: Metasploit (Windows Service Trusted Path Privilege Escalation)
The following services contain spaces and are not encapsulated within quotes:
OssecSvc (C:\Program Files (x86)\ossec-agent\ossec-agent.exe)
A local attacker with low privileged access may be able to escalate to a high privileged role if successfully exploited.
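An audit check for the condition reported above, as an added example that is not part of the original issue or of OSSEC's code: it flags service `ImagePath` values that are unquoted and contain spaces, lists the earlier locations Windows would try first (per the documented `CreateProcess` parsing of unquoted paths) so their ACLs can be reviewed, and emits the quoted value to set. All function names are hypothetical, and every sample entry except `OssecSvc` is constructed.

```python
import re

# Service name -> ImagePath. Only the OssecSvc value comes from the issue;
# the other entries are constructed for illustration.
SAMPLE_SERVICES = {
    "OssecSvc": r"C:\Program Files (x86)\ossec-agent\ossec-agent.exe",
    "QuotedSvc": r'"C:\Program Files\Example\svc.exe" -k run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ArgsSvc": r"C:\Program Files\Example App\svc.exe --service",
}

# Assumption: the executable ends at the first ".exe" followed by a space or end.
_EXE_END = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def split_image_path(image_path):
    """Split an unquoted ImagePath into (executable, arguments)."""
    p = image_path.strip()
    m = _EXE_END.match(p)
    if not m:
        return p, ""
    return m.group(1), p[m.end():].strip()

def is_unquoted_with_spaces(image_path):
    """True when the executable part has spaces and is not wrapped in quotes."""
    p = image_path.strip()
    if p.startswith('"'):
        return False
    exe, _ = split_image_path(p)
    return " " in exe

def earlier_candidates(image_path):
    """Locations tried before the intended binary; review who can write there."""
    exe, _ = split_image_path(image_path)
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted(image_path):
    """Return the ImagePath with the executable wrapped in quotes."""
    exe, args = split_image_path(image_path)
    return f'"{exe}"' + (f" {args}" if args else "")

def audit(services):
    """Map each flagged service name to its corrected ImagePath."""
    return {n: quoted(p) for n, p in services.items() if is_unquoted_with_spaces(p)}

if __name__ == "__main__":
    for name, fix in audit(SAMPLE_SERVICES).items():
        print(name, earlier_candidates(SAMPLE_SERVICES[name]), "->", fix)
```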