Plugin Name: Microsoft Windows Unquoted Service Path Enumeration
Port: 445
CVE: CVE-2013-1609, CVE-2014-0759, CVE-2014-5455
Nessus found the following service with an untrusted path: sradmin : C:\Program Files (x86)\SRAdmin\sradmin.exe
Solution: Ensure that any services that contain a space in the path enclose the path in quotes.
Release : 20.2, 21.2, 22.2, 23.3
Component : SpectroSERVER and OneClick servers
The SRAdmin service path is not enclosed in quotes.
The issue has been fixed in DX NetOps Spectrum 23.3.9:
Symptom: The SRAdmin installation path in the Windows registry is not enclosed in double quotes.
Resolution: With this fix, Spectrum removes the dependency on the TieRegistry module. This ensures that the path is now enclosed in double quotes automatically. (DE598442, 33689377, 23.3.9)
Workaround:
Follow these steps to enclose the SRAdmin service path in quotes, which addresses the Microsoft Windows Unquoted Service Path Enumeration finding.
1. Launch regedit.exe.
2. Navigate to the Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sradmin key.
3. Double-click on the ImagePath item.
4. Enclose the path in quotes.
From: C:\Program Files (x86)\SRAdmin\sradmin.exe
To: "C:\Program Files (x86)\SRAdmin\sradmin.exe"
5. Confirm the result in the ImagePath value.
6. Confirm the result in Windows Services.
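
The same workaround can be scripted. The following PowerShell is an added example, not code from the vendor or from the original article. It goes one step beyond the manual steps by first listing every service with an unquoted ImagePath that contains a space, then applies the fix to sradmin only. The function name Get-QuotedImagePath and the variable names are hypothetical, and the script assumes the service executable ends in .exe.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell prompt.
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$ServiceKey   = Join-Path $ServicesRoot 'sradmin'   # key named in the workaround

function Get-QuotedImagePath {
    # Returns the quoted form of an ImagePath, or $null when no change is needed.
    param([Parameter(Mandatory)][string]$ImagePath)

    $trimmed = $ImagePath.Trim()
    if ($trimmed.StartsWith('"')) { return $null }        # already quoted
    # Split the executable from trailing arguments at the first ".exe"
    # that is followed by whitespace or the end of the string.
    if ($trimmed -notmatch '^(?<exe>.+?\.exe)(?<rest>\s.*)?$') { return $null }
    $exe, $rest = $Matches['exe'], $Matches['rest']
    if (-not $exe.Contains(' ')) { return $null }         # no space, nothing to fix
    return '"{0}"{1}' -f $exe, $rest
}

# Audit: list every service whose raw ImagePath is unquoted and contains a space.
Get-ChildItem $ServicesRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $path = $_.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
    if ($path -and (Get-QuotedImagePath -ImagePath $path)) {
        '{0} : {1}' -f $_.PSChildName, $path
    }
}

# Fix: apply the workaround to sradmin only, keeping the existing value type.
$key   = Get-Item -Path $ServiceKey -ErrorAction Stop
$kind  = $key.GetValueKind('ImagePath')                   # normally ExpandString
$raw   = $key.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
$fixed = Get-QuotedImagePath -ImagePath $raw

if ($null -eq $fixed) {
    "ImagePath needs no change: $raw"
} else {
    "From: $raw"
    "To:   $fixed"
    Set-ItemProperty -Path $ServiceKey -Name ImagePath -Value $fixed -Type $kind
}

# Verify the path the Service Control Manager now reports.
(Get-CimInstance Win32_Service -Filter "Name='sradmin'").PathName
```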