Re: [Veritas-bu] Unquoted path vulnerability

2013-05-08 Thread Reynolds, Susan K.
.'; 'veritas-bu@mailman.eng.auburn.edu' Subject: Re: [Veritas-bu] Unquoted path vulnerability I went through and updated all my registry entries that had C:\Program Files\ to C:\Progra~1\ This fixes the issue. I run on a 32 bit OS, on a 64bit OS the 1 in progra~1 may be a different number. The real

Re: [Veritas-bu] Unquoted path vulnerability

2013-05-08 Thread Neil Conner
.'; 'veritas-bu@mailman.eng.auburn.edu' Subject: Re: [Veritas-bu] Unquoted path vulnerability Looks like this document disucsses the exploit in general. http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/sc-report-files/Microsoft%20Windows%20Unquoted%20Service%20Path

Re: [Veritas-bu] Unquoted path vulnerability

2013-05-08 Thread Neil Conner
.'; 'veritas-bu@mailman.eng.auburn.edu' Subject: Re: [Veritas-bu] Unquoted path vulnerability Looks like this document disucsses the exploit in general. http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/sc-report-files/Microsoft%20Windows%20Unquoted%20Service%20Path

[Veritas-bu] Unquoted path vulnerability

2013-05-07 Thread Reynolds, Susan K.
Has anyone heard of this being a security issue before: +++ The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker could gain elevated privileges by inserting an executable file in the path of the

Re: [Veritas-bu] Unquoted path vulnerability

2013-05-07 Thread Preston, Douglas
. Sent: Tuesday, May 07, 2013 1:45 PM To: veritas-bu@mailman.eng.auburn.edu Subject: [Veritas-bu] Unquoted path vulnerability Has anyone heard of this being a security issue before: +++ The remote Windows host has at least one service installed that uses an unquoted service path, which contains

Re: [Veritas-bu] Unquoted path vulnerability

2013-05-07 Thread Reynolds, Susan K.
@mailman.eng.auburn.edu Subject: [Veritas-bu] Unquoted path vulnerability Has anyone heard of this being a security issue before: +++ The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker could gain

Re: [Veritas-bu] Unquoted path vulnerability

2013-05-07 Thread Lightner, Jeff
.'; 'veritas-bu@mailman.eng.auburn.edu' Subject: Re: [Veritas-bu] Unquoted path vulnerability I went through and updated all my registry entries that had C:\Program Files\ to C:\Progra~1\ This fixes the issue. I run on a 32 bit OS, on a 64bit OS the 1 in progra~1 may be a different number. The real

Re: [Veritas-bu] Unquoted path vulnerability

2013-05-07 Thread Reynolds, Susan K.
: [Veritas-bu] Unquoted path vulnerability I went through and updated all my registry entries that had C:\Program Files\ to C:\Progra~1\ This fixes the issue. I run on a 32 bit OS, on a 64bit OS the 1 in progra~1 may be a different number. The real problem is that a person could create a folder called

Re: [Veritas-bu] Unquoted path vulnerability

2013-05-07 Thread Brooks, Jason
: [Veritas-bu] Unquoted path vulnerability Looks like this document disucsses the exploit in general. http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/sc-report-files/Microsoft%20Windows%20Unquoted%20Service%20Path%20Enumeration.pdf It appears someone solved a similar issue