Microsoft Windows Unquoted Service Path Enumeration - SRAdmin and SdmConnectorService
search cancel

Microsoft Windows Unquoted Service Path Enumeration - SRAdmin and SdmConnectorService

book

Article ID: 234256

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction


Plugin Name: Microsoft Windows Unquoted Service Path Enumeration
Port: 445
CVE-2013-1609,CVE-2014-0759,CVE-2014-5455
Nessus found the following service with an untrusted path: sradmin : C:\Program Files (x86)\SRAdmin\sradmin.exe

Solution: Ensure that any services that contain a space in the path enclose the path in quotes.

Environment

Release : 20.2, 21.2

Component : SpectroSERVER and OneClick

Cause


The SRAdmin service path is not enclosed in quotes.

Resolution

 

Here are the steps to put the SRAdmin service path surrounded by quotes to address the Microsoft Windows Unquoted Service Path Enumeration.

1. Launch the regedit.exe

2. Navigate to the Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sradmin folder



3. Double-click on the ImagePath item.

4. Enclose the path in quotes.

From: C:\Program Files (x86)\SRAdmin\sradmin.exe

To: "C:\Program Files (x86)\SRAdmin\sradmin.exe"





5. See the result in the ImagePath:






6. See the result in Windows Services:

Additional Information

The same process can be used for the SdmConnectorService.

The path in regedit is 

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SdmConnectord

here it is before the fix 

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=74Opn0CgstO4WC4U9rJ70Q==

and here afterwards.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=dO8uGUzkU9EJDIAdoWkPsQ==

Powered by Wolken Software