Security vulnerability issue with Windows Service Trusted Path Privilege Escalation (Bug #364)


Added by Shriram Jangid over 1 year ago. Updated over 1 year ago.


Status: New
Start date: 08/24/2016
Priority: High
Due date:
Assignee: -
% Done: 0%
Category: -
Spent time: -
Target version: -
Affected version: 1.8.5

Description

Hi,
I am using CCNet for automatic deployment. Our IT team has run a security vulnerability check on the server and found that with the CCNet service there is a security vulnerability related to Windows Service Trusted Path Privilege Escalation. I am not sure it is handled in any version of CCNet.

Here are more details:

We are seeing this vulnerability on the CCNet application. This would allow an attacker to take control of the application and escalate privileges by replacing EXE or DLL files (DLL hijacking). Please work with the vendor to fix this issue or uninstall the application if possible.

QID: 105484
Category: Security Policy
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 09/17/2015
User Modified: -
Edited: No
PCI Vuln: Yes

THREAT:
There exists a security issue with Windows when handling the paths of services running on the system. When the service path is a long name, contains a space, and is not quoted, the file name becomes ambiguous. For example, consider the string "c:\program files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities in the following order:
c:\program.exe files\sub dir\program name
c:\program files\sub.exe dir\program name
c:\program files\sub dir\program.exe name

If an attacker is able to place a malicious executable in one of these unexpected paths, the attacker can sometimes escalate privileges if it is run as SYSTEM.
Further details about the vulnerability can be found at (https://www.exploit-db.com/exploits/20543/).

IMPACT:
Successfully exploiting this security issue might allow a remote attacker to gain escalated privileges.

SOLUTION:
There are no vendor-supplied patches available at this time. Workaround:
Properly enclose all the service paths with quotes if they have spaces in them.

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
Service Name: CCService
Image Path: C:\Program Files (x86)\CruiseControl.NET\server\ccservice.exe
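
The check behind this finding, as an added example (not part of the original report and not CruiseControl.NET code): it lists, in resolution order, the executables an unquoted image path can be read as, so each location can be reviewed for write access. The function names and the sample service table are constructed for illustration, and treating the first prefix ending in `.exe` as the intended binary is an assumption.

```python
import ntpath


def resolution_order(image_path: str) -> list[str]:
    """Executables a service image path can resolve to, in the order tried."""
    path = image_path.strip()
    if path.startswith('"'):
        # Quoted path: exactly one interpretation, up to the closing quote.
        end = path.find('"', 1)
        return [path[1:end] if end > 0 else path[1:]]
    tokens = path.split(" ")
    order = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        # ".exe" is appended when the candidate file name has no extension.
        has_ext = bool(ntpath.splitext(prefix)[1])
        order.append(prefix if has_ext else prefix + ".exe")
        # Assumption: the first prefix ending in .exe is the intended binary;
        # anything after it is arguments.
        if prefix.lower().endswith(".exe"):
            break
    return order


def hijack_candidates(image_path: str) -> list[str]:
    """Unintended locations that would be tried before the real binary."""
    return resolution_order(image_path)[:-1]


def audit(services: dict[str, str]) -> dict[str, list[str]]:
    """Map each affected service name to the paths that need review."""
    return {name: hits for name, path in services.items()
            if (hits := hijack_candidates(path))}


# Constructed sample input: CCService is the path from the RESULTS section,
# the other two entries are hypothetical.
SAMPLE_SERVICES = {
    "CCService": r"C:\Program Files (x86)\CruiseControl.NET\server\ccservice.exe",
    "QuotedService": r'"C:\Program Files\Example\svc.exe" -run',
    "NoSpaceService": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, hits in audit(SAMPLE_SERVICES).items():
        print(name, "->", hits)
```

On a live host the input would be each service's `ImagePath` value under `HKLM\SYSTEM\CurrentControlSet\Services`; quoting that value, as the SOLUTION section says, leaves a single interpretation.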

