Chris Gimbel

Samange service installed uses an unquoted service path

Discussion created by Chris Gimbel on May 20, 2015

The Samange service installed uses an unquoted service path, which contains at least one whitespace. A local attacker could gain elevated privileges by inserting an executable file in the path of the affected service.

 

Could Samange release an update that encloses the service path in quotes?  This is a vulnerability from our standpoint and red flags Samanage.

 

I've attached a link for more detail:  http://www.commonexploits.com/?p=658

Outcomes