immense / Remotely

A remote control and remote scripting solution, built with .NET 8, Blazor, and SignalR.
GNU General Public License v3.0

Unquoted/Trusted Service Paths Privilege Escalation Security Issue #848

Closed Daniel-Hillenbrand closed 6 months ago

Daniel-Hillenbrand commented 6 months ago

The new PowerShell installer is causing an unquoted/trusted service paths privilege escalation security issue when creating the Remotely service.

Details about the issue: https://juggernaut-sec.com/unquoted-service-paths/

The binary path should be escaped.

Current:
New-Service -Name "Remotely_Service" -BinaryPathName "$InstallPath\Remotely_Agent.exe"

Proposal:
New-Service -Name "Remotely_Service" -BinaryPathName "`"$InstallPath\Remotely_Agent.exe`""
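The quoting difference raised in this issue can be checked mechanically. The following PowerShell is an added example, not part of the issue or of the Remotely repository: `Test-UnquotedServicePath` is a hypothetical helper name, and the `$InstallPath` value is an assumed directory constructed for the demonstration. It flags a service command line whose executable path contains a space but is not wrapped in double quotes, and runs the check over the two forms from the issue plus a harmless unquoted path.

```powershell
# Added example (not from the Remotely repository).
# Returns $true when a service command line has an executable path that
# contains a space and is not wrapped in double quotes.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }      # executable path is quoted

    # Treat everything up to the first ".exe" that is followed by whitespace
    # or end-of-string as the executable path; the rest is arguments.
    $m = [regex]::Match($p, '^(?<exe>.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }         # not an .exe image path (e.g. a driver)

    return $m.Groups['exe'].Value.Contains(' ')
}

# Assumed install directory, constructed for this example.
$InstallPath = 'C:\Program Files\Remotely'

# Constructed sample command lines: the two forms from the issue, plus an
# unquoted path without spaces that should not be flagged.
$samples = [ordered]@{
    'Current (unquoted)' = "$InstallPath\Remotely_Agent.exe"
    'Proposal (quoted)'  = "`"$InstallPath\Remotely_Agent.exe`""
    'No space, unquoted' = 'C:\Windows\System32\svchost.exe -k netsvcs'
}

foreach ($name in $samples.Keys) {
    $value = $samples[$name]
    '{0,-20} {1,-48} flagged={2}' -f $name, $value, (Test-UnquotedServicePath $value)
}

# On a Windows host, the same check can audit every registered service.
function Get-UnquotedService {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
        Select-Object Name, StartName, PathName
}
```

`Get-UnquotedService` is not called by the script; run it separately on a Windows machine to list installed services whose stored path would need the same quoting.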