Microsoft Windows Unquoted Service Path Enumeration - CA Service Desk Manager
Article ID: 376394
Updated On:
Products
Issue/Introduction
CVE-2013-1609
CVE-2014-0759
CVE-2014-5455
Observation: The remote Windows host has at least one service installed that uses an unquoted service path.
Nessus found the following service with an untrusted path: pdm_daemon_manager : D:\Program Files(x86)\CA\Service Desk Manager\bin\pdm_d_mgr.exe
Environment
CA Service Desk Manager 17.x
All Supported Windows Operating Systems
Resolution
Here are the steps to put the CA Service Desk Manager service path surrounded by quotes to address the Microsoft Windows Unquoted Service Path Enumeration.
1. Launch regedit.exe
2. Navigate to the Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pdm_daemon_manager folder
3. Double-click on the ImagePath item.
4. Enclose the path in quotes.
From: C:\PROGRA~2\CA\SERVIC~1\bin\pdm_d_mgr.exe
To: "C:\PROGRA~2\CA\SERVIC~1\bin\pdm_d_mgr.exe"
5. See the result in the ImagePath:
6. See the result in Windows Services:
Additional Information
Always use caution when making changes to the registry. Please ensure that you either have a registry backup or a system backup before making any registry changes.
Feedback
