Opened 7 years ago
Closed 7 years ago
#11622 closed Bug report (fixed)
Privilege escalation vulnerability in installer due to executing uninstaller using unquoted path
Reported by: | Raymond | Owned by: | Tim Kosse |
---|---|---|---|
Priority: | high | Component: | FileZilla Client |
Keywords: | unquoted uninstall | Cc: | |
Component version: | 3.33.0.0 | Operating system type: | Windows |
Operating system version: | Win7, Server 2008 |
Description
Ticket #10832 showed this as closed in v3.17.0.1. I just updated a machine with v3.33.0.0 and our AlienValue issued similar message as in Ticket #10832 (below).
I have verified that the UninstallString is unquoted in my registry settings for both Client and Server. ray
-- Alert --
Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Client|C:\Program Files\FileZilla FTP Client\uninstall.exe
Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Server|C:\Program Files (x86)\FileZilla Server\uninstall.exe
Impact:
A local attacker could gain elevated privileges by inserting an executable file in the path of the affected service or uninstall entry.
Solution:
Either put the listed vulnerable paths in quotation by manually using the onboard Registry editor or contact your vendor to get an update
for the specified software that fixes this vulnerability.
Change History (2)
comment:1 by , 7 years ago
Owner: | set to |
---|---|
Status: | new → accepted |
comment:2 by , 7 years ago
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
Under normal circumstances this is harmless, creating c:\Program.exe requires administrative permissions. Any program able to create that file does not need to escalate privileges to begin with.
It only affects custom installations in non-standard locations.