
The service installation logic is implemented in dsInstallService.dll. This pipe is used to install new services, possibly for automatic upgrades. The named pipe has an Everyone Full Control ACL and is writable by all users. The pipe server employs a custom encryption function. The key is derived from processor type, processor frequency, operating system product ID, operating system version, and hardcoded values. Once new data is received from the pipe, it is decrypted as a file path, and the specified file is copied to C:\Windows\Temp\ and executed.
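To check other pipes for the same weak ACL, the following added example (not part of the original advisory or the vendor's code) parses a security descriptor in SDDL form and reports low-privilege trustees that can write to the object. It assumes the pipe's descriptor has already been exported as an SDDL string; the sample strings are constructed, and deny ACEs are modelled only per trustee.

```python
import re

# Access-mask values from the Windows SDK headers, keyed by SDDL rights code.
RIGHTS = {
    "GA": 0x10000000, "GW": 0x40000000, "GR": 0x80000000, "GX": 0x20000000,
    "FA": 0x001F01FF, "FW": 0x00120116, "FR": 0x00120089, "FX": 0x001200A0,
    "SD": 0x00010000, "RC": 0x00020000, "WD": 0x00040000, "WO": 0x00080000,
    "CC": 0x01, "DC": 0x02, "LC": 0x04, "SW": 0x08, "RP": 0x10,
    "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100,
}
# Bits that let a client write to the pipe: FILE_WRITE_DATA, GENERIC_WRITE, GENERIC_ALL.
WRITE_BITS = 0x0002 | RIGHTS["GW"] | RIGHTS["GA"]
# Trustees that include unprivileged users (SDDL alias or literal SID).
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone", "AU": "Authenticated Users",
         "S-1-5-11": "Authenticated Users", "BU": "Users", "S-1-5-32-545": "Users",
         "IU": "Interactive", "S-1-5-4": "Interactive", "AN": "Anonymous", "S-1-5-7": "Anonymous"}

def parse_mask(rights):
    """Convert an SDDL rights field (hex or two-letter codes) to an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= RIGHTS.get(code, 0)  # unknown codes contribute no bits
    return mask

def broad_writers(sddl):
    """Return the sorted names of broad trustees that may write to the object."""
    dacl = re.search(r"D:([A-Z_]*)((?:\([^)]*\))*)", sddl)
    if dacl is None:
        return []  # no DACL component in the string, nothing to judge
    if "NO_ACCESS_CONTROL" in dacl.group(1):
        return ["Everyone (NULL DACL)"]  # a NULL DACL grants all access to everyone
    denied, writers = {}, set()
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(2)):  # ACEs in evaluation order
        fields = ace.split(";")
        if len(fields) < 6:
            continue
        kind, mask, sid = fields[0], parse_mask(fields[2]), fields[5]
        if kind == "D":  # remember bits already denied to this trustee
            denied[sid] = denied.get(sid, 0) | mask
        elif kind == "A" and sid in BROAD and mask & ~denied.get(sid, 0) & WRITE_BITS:
            writers.add(BROAD[sid])
    return sorted(writers)

if __name__ == "__main__":
    # Constructed samples: an Everyone Full Control DACL and a restricted one.
    for s in ("D:(A;;FA;;;WD)(A;;FA;;;SY)", "D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;AU)"):
        print(s, "->", broad_writers(s) or "no broad write access")
```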

Juniper Junos Pulse (now known as Pulse Secure Desktop Client) installs a system service, dsAccessService.exe, which owns a named pipe, NeoterisSetupService.

“The Pulse Secure desktop client provides a secure and authenticated connection from an endpoint device (either Windows or Mac OS X) to a Pulse Secure gateway (either Pulse Connect Secure or Pulse Policy Secure).” This vulnerability affects only the Windows operating system.

Vendor Provided (see vendor advisory in Solution section for details):
