Security vulnerability issue with Windows Service Trusted Path Privilege Escalation (Bug #364)
I am using CCNet for automatic deployment. Our IT team has run a security vulnerability check on server and found that with CCNet service there is a security vulnerability related to Windows Service Trusted Path Privilege Escalation. I am not sure it is handled in any version of CCNet
here are the more details :
We are seeing this vulnerability on the CCNet application. This would allow an attacker to take control of the application and escalate privileges by replacing EXE or DLL files (DLL hijacking). Please work with the vendor to fix this issue or uninstall the application if possible.
There exists a security issue with Windows when handling the paths of services running on the system. When the service path is a long name and contains a space and not quoted, the file name becomes ambiguous. For example, consider the string "c:\program files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities in the following order:
c:\program.exe files\sub dir\program name
c:\program files\sub.exe dir\program name
c:\program files\sub dir\program.exe name
If an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM.
Further details about the vulnerability can be found at (https://www.exploit-db.com/exploits/20543/)
Successfully exploiting this security issue might allow a remote attacker to gain escalated privileges
There are no-vendor supplied patches available at this time. Workaround:
Properly enclose all the service paths with quotes if they have spaces in them.
There is no exploitability information for this vulnerability.
There is no malware information for this vulnerability.
Service Name: CCService
Image Path: C:\Program Files (x86)\CruiseControl.NET\server\ccservice.exe