You may already know about this, but I thought I would pass this along. A recent audit of a Windows server discovered this issue. It's an easy fix (version 2.7).

Synopsis: The remote Windows host has at least one service installed that uses an unquoted service path.

Description
The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker could gain elevated privileges by inserting an executable file in the path of the affected service.

Solution
Ensure that any services that contain a space in the path enclose the path in quotes.

See Also
http://isc.sans.edu/diary.html?storyid=14464
http://cwe.mitre.org/data/definitions/428.html
http://www.commonexploits.com/?p=658

Risk Factor: High
CVSS Base Score 7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score 6.5 (CVSS2#E:F/RL:W/RC:C)

Plugin Output
Nessus found the following service with an untrusted path:
OssecSvc : C:\Program Files (x86)\ossec-agent\ossec-agent.exe

Vulnerability Publication Date: 2012/09/15
Plugin Publication Date: 2012/12/05
Plugin Last Modification Date: 2012/12/17
Public Exploit Available: True
Exploitable With: Metasploit (Windows Service Trusted Path Privilege Escalation)

Reg
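
The check Nessus performs above can be reproduced locally to audit every service on a host, not just the one reported. The script below is an added example, not part of the original message or of OSSEC; the function names and the two "Example" services are hypothetical, and only the OssecSvc entry is taken from the plugin output.

```powershell
# Added example: flag service command lines whose executable path contains
# whitespace but is not enclosed in quotes (CWE-428), and propose the quoted form.

function Test-UnquotedServicePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }                 # already quoted
    # Executable portion: shortest prefix ending in ".exe" followed by space or end
    if ($p -notmatch '^(.+?\.exe)(\s|$)') { return $false }   # e.g. drivers (.sys)
    $exe = $Matches[1]
    return ($exe -match '\s')                                 # whitespace inside the path
}

function Get-QuotedServicePath {
    param([string]$PathName)
    $p = $PathName.Trim()
    # Quote only the executable; keep any arguments that follow it unchanged
    if ($p -match '^(.+?\.exe)(\s.*)?$') { return ('"' + $Matches[1] + '"' + $Matches[2]) }
    return $p
}

# Sample input. First entry is from the Nessus output; the other two are constructed.
$sample = @(
    [pscustomobject]@{ Name = 'OssecSvc';       PathName = 'C:\Program Files (x86)\ossec-agent\ossec-agent.exe' }
    [pscustomobject]@{ Name = 'ExampleQuoted';  PathName = '"C:\Program Files\Example\svc.exe" --run' }
    [pscustomobject]@{ Name = 'ExampleNoSpace'; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)
$services = $sample
# On a live host, replace the line above with:
# $services = Get-CimInstance Win32_Service | Select-Object Name, PathName

$services |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            Current   = $_.PathName
            Suggested = (Get-QuotedServicePath $_.PathName)
        }
    } | Format-List

# To apply a suggested value, write it to the service's ImagePath from an elevated prompt:
# Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\<ServiceName>" ImagePath '<Suggested>'
```

With the sample input only OssecSvc is reported, with the whole path wrapped in double quotes as the suggested value.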
