mirror of https://github.com/proxmox/mirror_qemu
b629412e9d
The custom action uses cmd.exe to run VSS Service installation
and removal which causes an interactive command shell to spawn.
This shell can be used to execute any commands as a SYSTEM user.
Even if call qemu-ga.exe directly the interactive command shell
will be spawned as qemu-ga.exe is a console application and used
by users from the console as well as a service.
As VSS Service runs from DLL which contains the installer and
uninstaller code, it can be run directly by rundll32.exe without
any interactive command shell.
Add specific entry points for rundll which is just a wrapper
for COMRegister/COMUnregister functions with proper arguments.
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423
fixes: CVE-2023-0664 (part 2 of 2)
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Reported-by: Brian Wiltse <brian.wiltse@live.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| installer | ||
| vss-win32 | ||
| channel-posix.c | ||
| channel-win32.c | ||
| channel.h | ||
| commands-bsd.c | ||
| commands-common.h | ||
| commands-linux.c | ||
| commands-posix-ssh.c | ||
| commands-posix.c | ||
| commands-win32.c | ||
| commands.c | ||
| cutils.c | ||
| cutils.h | ||
| guest-agent-command-state.c | ||
| guest-agent-core.h | ||
| main.c | ||
| meson.build | ||
| qapi-schema.json | ||
| service-win32.c | ||
| service-win32.h | ||
| vss-win32.c | ||
| vss-win32.h | ||