Community

Unquote BinPath where windows service is located

370
2
02-20-2013 10:51 AM
michaelocasio
by
New Contributor
‎02-20-2013 10:51 AM
While scanning our servers we noticed that the loaction of the ArcGIS License Manager executable path was detected as vulnerable by the scanner. The reason is the location name of the folder contain embedded space and is not enclosed in quotes.

windows component                                                               binPath
ArcGIS License Manager                    C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe   

Is there a patch to solve this problem.....

references

https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464

http://blakhal0.blogspot.com/2012/08/hiding-files-by-exploiting-spaces-in.html
0 Kudos
2 Replies
JustinRodriguez
by
Occasional Contributor
‎02-22-2013 01:03 PM
You can install license manager to different file locations if you wanted during the install. This is the way that Windows lists the default install path for 32bit programs in a 64bit environment. I do not believe other than changing the install path during installation, there is any other way to correct this. Thanks-
0 Kudos
michaelocasio
by
New Contributor
‎02-25-2013 09:42 AM
What are you saying, during the installation there is a step which the setup show a dialog box with a path to deploy the application. If my assumption is correct then all it needs to be done is to enclose the default path in quotes and that should take care of everything.
I do not have access to the set up package, but I iwll inform the technical support to be in the look out when installing the application.
0 Kudos