Vulnerability unquoted service path

Need new test, action, option? Post request here.
Post Reply
Ben
Posts: 27
Joined: Tue Dec 04, 2018 2:15 am

Vulnerability unquoted service path

Post by Ben »

Hello,

We did another scan of one of our customer with a new tool, this one points out ActiveRMAservice to be subject of an exploit:

https://github.com/nickvourd/Windows-Lo ... icePath.md

https://techcommunity.microsoft.com/dis ... do/3298358

for reference on one of our servers:
Image

This vulnerability can be exploited to gain priviledges from the account used to launche activerma service, in our case System.

Have a good day,

Ben
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:

Re: Vulnerability unquoted service path

Post by KS-Soft »

Thank you for the report, problem was fixed years ago.
On old installations you just need to reinstall RMA service using rma_cfg tool or modify Windows registry (add "" marks manually)
(2nd option will help even if you cannot update software for some reasons)

Regards
Alex
Ben
Posts: 27
Joined: Tue Dec 04, 2018 2:15 am

Re: Vulnerability unquoted service path

Post by Ben »

Ok so for the installation, I guess I have to do a uninstall then reinstall, because those RMA are updated periodically when you release new versions.

I'll maybe try to fix some of it through the add of the quotes in the registry value.

Thanks for your answer.
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:

Re: Vulnerability unquoted service path

Post by KS-Soft »

Not software reinstall, just service reinstall.
rma_cfg (admin account) -> setup Active RMA -> Stop -> Uninstall -> Install

Regards
Alex
Ben
Posts: 27
Joined: Tue Dec 04, 2018 2:15 am

Re: Vulnerability unquoted service path

Post by Ben »

I just tried, the uninstall does indeed delete the entry \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ActiveRMAService

But after reinstalling, the path is the same under the value ImagePath and stays unquoted.

ActiveRMA Setup 4.36
Ben
Posts: 27
Joined: Tue Dec 04, 2018 2:15 am

Re: Vulnerability unquoted service path

Post by Ben »

I did update the whole package to last version, active rma setup now 4.44 and yes after reinstalling the service as you suggested, the path now has quotes.

Thanks for the help.
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:

Re: Vulnerability unquoted service path

Post by KS-Soft »

You are welcome :)

Regards
Alex
Post Reply