Software: Non-Sucking Service Manager (NSSM) Affected Versions: NSSM 2.24 (and likely prior versions) Severity: High Vector: Local Impact: Privilege Escalation (Local System) 1. Executive Summary The Non-Sucking Service Manager (NSSM) version 2.24 is susceptible to a Local Privilege Escalation (LPE) vulnerability. NSSM is a utility used to wrap arbitrary applications as Windows Services. Due to insufficient sanitization of the application path and arguments when installed as a service, a local attacker can manipulate the service binary path to execute arbitrary code with SYSTEM privileges. 2. Technical Details NSSM allows users to install a service by specifying an application path (e.g., nssm install ServiceName "C:\Path\To\App.exe" ). While NSSM attempts to validate the executable, version 2.24 contains logic flaws regarding how it handles the executable path and command-line arguments passed to the Windows Service Control Manager (SCM). Beastforum Siterip Beastiality Animal Sex Zoophilia Link Review
If an attacker has write access to a directory involved in the service execution chain (e.g., a directory with weak permissions where the service binary resides or a path containing spaces without quotes), they can plant a malicious executable. When the service is started or restarted, the operating system or NSSM will execute the malicious file with SYSTEM privileges. Radiant Dicom Viewer Serial Number Free Free 📥
The core issue arises because the service configuration created by NSSM often relies on the unquoted service path vulnerability or allows for the injection of commands/arguments that the Service Control Manager passes directly to the CreateProcess API.