On Wed, Mar 27, 2013 at 3:03 PM, Reg <[email protected]> wrote: > You may already know about this, but I thought I would pass this along. A > recent audit of a Windows server discovered this issue. > It's an easy fix(version 2.7) >
Does this commit fix it? https://bitbucket.org/jbcheng/ossec-hids/commits/05602f1f90472645a15ae026e0a7ef5ad59b8f3d > Synopsis: The remote Windows host has at least one service installed that > uses an unquoted service path. > Description The remote Windows host has at least one service installed > that uses an unquoted service path, which contains at least one whitespace. > A local attacker could gain elevated privileges by inserting an executable > file in the path of the affected service. > Solution Ensure that any services that contain a space in the path enclose > the path in quotes. > See Also > http://isc.sans.edu/diary.html?storyid=14464 > http://cwe.mitre.org/data/definitions/428.html > http://www.commonexploits.com/?p=658 > Risk Factor: High CVSS Base Score 7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C) > CVSS Temporal Score 6.5 (CVSS2#E:F/RL:W/RC:C) > Plugin Output > Nessus found the following service with an untrusted path: OssecSvc : > C:\Program Files (x86)\ossec-agent\ossec-agent.exe > Vulnerability Publication Date: 2012/09/15 > Plugin Publication Date: 2012/12/05 > Plugin Last Modification Date: 2012/12/17 > Public Exploit Available: True Exploitable With: Metasploit (Windows > Service Trusted Path Privilege Escalation) > > Reg > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
