Hi list,
I've been asked to look at a Xymon install which needs updating. The first thing I noticed was that the monitored Windows servers in the environment are using the old BBWin client which doesn't seem to be maintained any longer.
Checking the mailing list I've noticed that a lot of people are now using the WinPSClient so I've been trying to familiarise myself with it.
As I hadn't come across the software before, I ran the source for NSSM (the manager which runs the PS script as a service) past a C++ code analysis tool and it came out with a few /potential/ issues. The critical and high vulnerabilities are:

Critical: Use of memmove Allows Buffer Overflow
- The size limit is larger than the destination buffer, while the source is a char* and so, could allow a buffer overflow to take place.
- nssm-master\io.cpp Line 213

High: LoadLibrary
- The function searches several paths for a library if called with a filename, but no path. This can allow trojan DLLs to be deployed, regardless of the presence of the correct DLL. Manually check the code to ensure that the full path is specified.
- nssm-master\imports.cpp Line 15

I'm not a C++ programmer, but looking at the code, the findings of the analysis tool look at least possible. Has anybody else performed code scrutiny against this aspect of the solution who can confirm or deny any issues?
I also wondered if there's any particular reason why the PowerShell script can't be run at intervals by task scheduler instead of running as a service?
Thanks,
Chris
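
The memmove finding quoted in the message describes a general pattern: a copy whose length comes from the source rather than from the size of the destination. The following is an added example, not NSSM's code and not part of the original message; the function names and the 16-byte LINE_CAP are hypothetical. It shows that pattern beside a bounds-checked form a reviewer could compare the flagged line against.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_CAP 16  /* hypothetical destination size, not taken from NSSM */

/* Flagged pattern: the length is derived from the source string, so nothing
   ties it to the size of dst. Shown for comparison only; never called here. */
void copy_unchecked(char dst[LINE_CAP], const char *src) {
    memmove(dst, src, strlen(src) + 1);  /* writes past dst if src needs > LINE_CAP bytes */
}

/* Checked form: the caller states the destination capacity and an upper bound
   on how far src may be scanned. The copy is refused, not truncated, when the
   source plus its terminating NUL does not fit.
   Returns the number of bytes copied (excluding the NUL), or -1 on rejection. */
int copy_checked(char *dst, size_t dst_cap, const char *src, size_t src_max) {
    if (dst == NULL || src == NULL || dst_cap == 0)
        return -1;
    /* Bounded search for the terminator, in case src is not NUL-terminated. */
    const char *end = memchr(src, '\0', src_max);
    if (end == NULL)
        return -1;
    size_t len = (size_t)(end - src);
    if (len + 1 > dst_cap)
        return -1;               /* would overflow dst: reject */
    memmove(dst, src, len + 1);  /* length is now proven to fit */
    return (int)len;
}

int main(void) {
    char dst[LINE_CAP];
    /* Constructed sample inputs. */
    const char fits[] = "short line";
    const char too_long[] = "this line is longer than sixteen bytes";

    printf("fits:     %d\n", copy_checked(dst, sizeof dst, fits, sizeof fits));
    printf("too long: %d\n", copy_checked(dst, sizeof dst, too_long, sizeof too_long));
    return 0;
}
```

When reviewing a flagged memmove call, the question to answer is the one copy_checked makes explicit: is the length argument provably no larger than the destination's allocated size on every path that reaches the call?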