Potential security finding in LWL products, from http://www.tenable.com/plugins/index.php?view=single&id=63155

Product: Stratusphere UX\ProfileUnity FlexApp

Product Version: 5.x

Expires on: 365 days from publish date

Updated: May 13, 2014

 

Problem:  The remote Windows host has at least one service installed that uses
an unquoted service path.

Description :

The remote Windows host has at least one service installed that uses
an unquoted service path, which contains at least one whitespace. A
local attacker could gain elevated privileges by inserting an
executable file in the path of the affected service.
Note that this is a generic test that will flag any application
affected by the described vulnerability.

See also :

http://isc.sans.edu/diary.html?storyid=14464
http://cwe.mitre.org/data/definitions/428.html
http://www.commonexploits.com/?p=658
http://www.nessus.org/u?4aa6acbc

 

From: http://www.tenable.com/plugins/index.php?view=single&id=63155

 

 

Possible Resolution:

Launch regedit (on the base image if composed for a pool)

 

Stop services:

 

Liquidware Labs Connector ID Service
Liquidware Labs Software Update Service
Liquidware Labs User Identification Service
Liquidware Labs Profile Service

 

Edit keys under:

 

HKLM\SYSTEM\CurrentControlSet\services\

 

lwlprofile
tntgrd
tntuidsvc
tntupdsvc

 

Change the "ImagePath" value on each key: add a double quote (") before and after each Exe path, so that the whole path is enclosed in quotes.

 

The next release of the Connector ID software and ProfileUnity software will include these updates.

 

The attached zip file contains .reg files that can be used with a login script or ProfileUnity config reg applet.

 

The affected services will need to be restarted once the registry changes have been made.

 

Optionally, you can script the process using the following commands.

 

net stop tntgrd

net stop tntuidsvc

net stop tntupdsvc

net stop lwlprofile

reg delete HKLM\SYSTEM\CurrentControlSet\services\tntgrd /v ImagePath /f
reg delete HKLM\SYSTEM\CurrentControlSet\services\tntuidsvc /v ImagePath /f
reg delete HKLM\SYSTEM\CurrentControlSet\services\tntupdsvc /v ImagePath /f
reg delete HKLM\SYSTEM\CurrentControlSet\services\lwlprofile /v ImagePath /f

reg add HKLM\SYSTEM\CurrentControlSet\services\tntgrd /v ImagePath /t REG_EXPAND_SZ /d "\"C:\Program Files (x86)\Liquidware Labs\Connector ID\tntgrd.exe\"" /f
net start tntgrd

reg add HKLM\SYSTEM\CurrentControlSet\services\tntuidsvc /v ImagePath /t REG_EXPAND_SZ /d "\"C:\Program Files (x86)\Liquidware Labs\Connector ID\tntuidsvc.exe\"" /f
net start tntuidsvc

reg add HKLM\SYSTEM\CurrentControlSet\services\tntupdsvc /v ImagePath /t REG_EXPAND_SZ /d "\"C:\Program Files (x86)\Liquidware Labs\Connector ID\tntupdsvc\"" /f
net start tntupdsvc

reg add HKLM\SYSTEM\CurrentControlSet\services\lwlprofile /v ImagePath /t REG_EXPAND_SZ /d "\"C:\Program Files\ProfileUnity\Profile Service\ProfileService.exe\"" /f
net start lwlprofile

 

 

The cmd file attached to this KB will stop the services, check the OS bit level, change the necessary reg keys, and restart the services.
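
To confirm the change took effect, the following PowerShell check reads ImagePath for the four service keys listed above and reports any that are still unquoted. It is an added example, not part of this KB or its attachments, and the function name Test-UnquotedServicePath is hypothetical.

```powershell
# Added example: verify that ImagePath is quoted for the services in this article.
# Test-UnquotedServicePath is a hypothetical helper name, not a built-in cmdlet.
$root        = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$serviceKeys = 'lwlprofile', 'tntgrd', 'tntuidsvc', 'tntupdsvc'

function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) { return $false }   # executable path is already quoted
    # Isolate the executable (text up to the first ".exe"); anything after it is
    # arguments. If there is no ".exe", treat the whole value as the path.
    $exe = if ($p -match '^(.+?\.exe)(\s|$)') { $Matches[1] } else { $p }
    return ($exe -match '\s')                   # whitespace in an unquoted path
}

# Self-check using the ProfileService path from this article, before and after the fix.
$before = 'C:\Program Files\ProfileUnity\Profile Service\ProfileService.exe'
$after  = '"' + $before + '"'
if (-not (Test-UnquotedServicePath $before) -or (Test-UnquotedServicePath $after)) {
    throw 'Self-check failed'
}

# Read the live registry values and classify each service.
$results = foreach ($name in $serviceKeys) {
    $raw = (Get-ItemProperty -Path "$root\$name" -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    $status = if ($null -eq $raw) { 'not installed' } elseif (Test-UnquotedServicePath $raw) { 'UNQUOTED' } else { 'ok' }
    [pscustomobject]@{
        Service   = $name
        Status    = $status
        ImagePath = $raw
    }
}
$results | Format-Table -AutoSize -Wrap
```

Run it on the base image after applying the registry changes; every installed service should report "ok" before the image is recomposed.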
