63155 (1) - Microsoft Windows Unquoted Service Path Enumeration

Started by nauman, July 11, 2014, 11:30:44 AM


nauman

Overview:
By exploiting this vulnerability, a local attacker could gain elevated privileges by inserting an executable file in the path of the affected service.

Impact on InfoExpress Products:
This vulnerability can be found in most of the big-name vendors, such as Symantec. Unfortunately, InfoExpress's MARC server, also called FRAMD (Framework of Report and Manage Devices), also has this vulnerability. MARC Server has the 'cgpurge.exe' service installed, which uses an unquoted service path that contains at least one whitespace character.

Solution:
InfoExpress is going to implement the fix in future builds. Fortunately, as a workaround, this vulnerability can be easily fixed. Please follow the instructions below:

1- Open registry editor on the FRAMD/MARC machine
2- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CGPURGESVC
3- Edit the ImagePath key and add quotes as below:
    "C:\Program Files (x86)\InfoExpress\CyberServer\cgpurge.exe"
4- Once that is done, verify the changes by launching services.msc and checking properties of CyberGatekeeper Purge Service. Path to executable should be in quotes now.

NOTE:
The vulnerability can be found in CyberGatekeeper Agent & CyberGatekeeper Authentication Service as well. The workaround is similar to the above: edit the corresponding ImagePath keys.
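
The manual check above can be scripted so that the Purge, Agent and Authentication services are all covered in one pass. The following PowerShell is an added example, not part of the original post and not InfoExpress tooling; the `-PathFilter` and `-Fix` parameters and the `Split-ImagePath` helper are names made up for this sketch, and it assumes the executable path ends at the first ".exe" in the value.

```powershell
# Added example: report services whose ImagePath is unquoted and contains whitespace.
# Run from an elevated prompt. Without -Fix nothing is written to the registry.
param(
    [string]$PathFilter = 'InfoExpress',  # assumption: substring of the install path shown in the post
    [switch]$Fix
)

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Read the raw REG_EXPAND_SZ text so %variables% are not expanded and later written back expanded.
$raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

# Hypothetical helper. Heuristic: the executable is everything up to the first ".exe",
# the remainder is arguments. Returns $null when no change is needed.
function Split-ImagePath {
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) { return $null }              # already quoted
    if ($p -match '^(?<exe>.+?\.exe)(?<rest>(\s.*)?)$') {
        $exe  = $Matches['exe']
        $rest = $Matches['rest']
        if ($exe.Contains(' ')) {                         # whitespace inside the executable path
            return [pscustomobject]@{ Exe = $exe; Rest = $rest }
        }
    }
    return $null                                          # drivers (.sys) and space-free paths
}

Get-ChildItem -Path $servicesRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $value = $_.GetValue('ImagePath', $null, $raw)
    if ($value -isnot [string] -or $value -notlike "*$PathFilter*") { return }

    $parts = Split-ImagePath -ImagePath $value
    if ($null -eq $parts) { return }

    # Quote only the executable; keep any arguments outside the quotes.
    $quoted = '"{0}"{1}' -f $parts.Exe, $parts.Rest
    [pscustomobject]@{ Service = $_.PSChildName; Current = $value; Proposed = $quoted }

    if ($Fix) {
        # Keep the value's existing registry type (normally REG_EXPAND_SZ).
        Set-ItemProperty -Path $_.PSPath -Name ImagePath -Value $quoted `
            -Type $_.GetValueKind('ImagePath')
    }
}
```

Run it once without `-Fix` and review the `Proposed` column before writing anything; passing `-PathFilter ''` reports every service on the machine rather than only the InfoExpress ones.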