Ticket #261 (closed defect: fixed)

Opened 8 years ago

Last modified 8 years ago

Startstop Service vulnerability “Unquoted Service Path Enumeration”

Reported by: stefan Owned by: stefan
Priority: critical Milestone: Windows
Component: startstop_service Version:
Keywords: Cc:

Description

Will Kohler wrote:

Hi Paul,

Once per month, the USGS scans all our internal computer systems using a product from Tenable Network Security, and our Windows PCs are getting flagged for a vulnerability in the Earthworm startstop_service module. The vulnerability is “Unquoted Service Path Enumeration”, described here:

http://www.tenable.com/sc-report-templates/microsoft-windows-unquoted-service-path-enumeration

You can see the problem by going to the Services control panel. Right-click on “Earthworm start-stop” and select Properties. Notice the “Path to executable:” isn’t enclosed in quotes. There’s a workaround described here:

http://www.commonexploits.com/?p=658

which involves editing the registry manually. Any chance we can modify startstop_service to enclose its own path in quotes?

Thanks, Will

Change History

comment:1 Changed 8 years ago by paulf

  • Status changed from new to closed
  • Resolution set to fixed

Okay, I fixed this so that the startstop_service -install will now quote the path to the executable.

During this fix I also made all of the startstop programs use the same STARTSTOP_VERSION in a new include file startstop_version.h and I upgraded the startstop version to 7.7 since we are dangerously close to release :)

Note: See TracTickets for help on using tickets.