A Full-Featured Open-Source Framework for Image Processing |
| ||
|
|
import os import sys
NSSSM (Non-Sucking Service Manager) is a service manager for Windows that allows users to easily install, configure, and manage system services. NSSM is often used as an alternative to the built-in Windows Service Manager. A vulnerability was discovered in NSSM version 2.24 that allows for privilege escalation.
The NSSM-2.24 privilege escalation vulnerability allows an attacker to gain elevated privileges on a system. Users are recommended to update NSSM to version 2.25 or later and restrict access to the NSSM configuration directory to prevent exploitation. nssm-2.24 privilege escalation
An attacker can exploit this vulnerability by creating a malicious configuration file with elevated privileges. When a user with limited privileges attempts to start a service using NSSM, the service manager will execute the malicious configuration file, allowing the attacker to gain elevated privileges.
# Set the configuration file path in the NSSM service configuration nssm_command = f'nssm set service_name config {malicious_config_file}' os.system(nssm_command) import os import sys NSSSM (Non-Sucking Service Manager)
# Malicious configuration file path malicious_config_file = os.path.join(config_dir, ' malicious_config.txt')
# NSSM configuration directory config_dir = 'C:\\Path\\To\\NSSM\\config' The NSSM-2
The vulnerability exists due to improper handling of service configuration files. NSSM uses a configuration file to store service settings, and these files are stored in a directory that is writable by the SYSTEM user. When a user with limited privileges attempts to start a service using NSSM, the service manager will attempt to read and write to the configuration file.
# Create malicious configuration file with open(malicious_config_file, 'w') as f: f.write(' malicious content ')
# Start the service nssm_command = 'nssm start service_name' os.system(nssm_command)
A PoC exploit was created to demonstrate the vulnerability. The exploit creates a malicious configuration file with elevated privileges and sets the path to the configuration file in the NSSM service configuration.
G'MIC is an open-source software distributed under the
CeCILL free software licenses (LGPL-like and/or
GPL-compatible).
Copyrights (C) Since July 2008,
David Tschumperlé - GREYC UMR CNRS 6072, Image Team.
Home
News
Download
Resources
An Example of G'MIC Scripting
G'MIC Technical Reference
Video Tutorials
Wiki Pages
Image Gallery
Color Presets
Using libgmic
G'MIC Online
Community
Discussion Forum (Pixls.us)
Reddit
GimpChat
IRC
Report Issue
Support Us
Paypal (Through the LILA Association)