Vulnerability CVE-2020-17381 (EXE protection from tampering)

Bug reports will be moved here when the described bug has been fixed

madcode
New Member
Posts: 1
Joined: 2021-04-30, 15:51 UTC

Post by madcode

Hi,
Thank you for your continuous work on this great tool. Unfortunately, corporate IT security suspended my use of Total Commander until the vulnerability is addressed.

https://nvd.nist.gov/vuln/detail/CVE-2020-17381

Is it possible to switch the install folder to Program Files, and thus enable the built-in Windows 7 & 10 EXE module protection? Or to provide an MSI installer addressing this corporate security concern (however, private users will probably also benefit from better security due to Windows EXE protection)?

Hoping for a fix in the 10x version (sorry, I can't test until the tool is upgraded with the fix and unlocked by IT Security). The lock used at our company is a Windows EXE application whitelisting group policy.


Again, much appreciated!

Madcode
Dalai
Power Member
Posts: 9364
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Re: Vulnerability CVE-2020-17381 (EXE protection from tampering)

Post by Dalai

There's nothing stopping anyone from installing TC into %ProgramFiles%, provided they have administrator privileges to do so, of course. I've been using TC from this directory for more than a decade, and aside from some plugin settings files where NTFS permissions should/must be changed to allow users to write to them, it works just fine.

From what I've read so far, TC 10 will change the default installation directory to somewhere under %ProgramFiles%.

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Re: Vulnerability CVE-2020-17381 (EXE protection from tampering)

Post by ghisler(Author)

This "vulnerability" is only about the install location; any program installed outside of "Program Files" or "Program Files (x86)" would be affected, but ONLY if there are limited users defined on your system.
The attack would work like this:
1. You install Total Commander to c:\totalcmd
2. A user with limited rights logs in and replaces the exe in c:\totalcmd with his own
3. You run Total Commander, but instead that other app gets started.
This is only a problem with limited users, who cannot modify "Program Files", but can modify "totalcmd". Users who have admin rights can modify "Program Files", so they can replace the exe with their own there.

So what does TC 10 do against it?
1. For new installations, it now defaults to "Program Files"
2. For existing installations, it offers to write-protect the target folder, so other users cannot write to it.

If this is a concern for you and you use TC 9.51, just install it to a directory under "Program Files".
Author of Total Commander
https://www.ghisler.com
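
An audit check for the condition described in the post above, added here as an example (it is not part of the thread or of Total Commander): it parses the text printed by `icacls <install dir>` and reports every non-administrative principal whose ACE allows replacing files in that folder. The two sample outputs are constructed, and the trusted-principal list and English account names are assumptions to adjust per site.

```python
import re

# icacls rights that let a principal replace or add files, or re-grant itself
# that ability (WDAC = change permissions, WO = take ownership).
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "DC", "GA", "GW", "WDAC", "WO"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}  # inheritance markers, same syntax
# Assumption: principals expected to hold write access (English names).
TRUSTED = {"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM",
           "NT SERVICE\\TrustedInstaller", "CREATOR OWNER"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<perms>(?:\([^)]*\))+)$")

def writable_by_untrusted(icacls_output, path):
    """Return sorted (principal, right) pairs granting write access to non-admins."""
    findings = set()
    for line in icacls_output.splitlines():
        line = line.strip()
        # The first ACE shares its line with the path; drop that prefix.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        match = ACE_RE.match(line)
        if not match:
            continue  # blank line or the "Successfully processed" summary
        who = match.group("who")
        groups = re.findall(r"\(([^)]*)\)", match.group("perms"))
        if "DENY" in groups or who in TRUSTED:
            continue  # deny ACEs grant nothing; trusted principals may write
        rights = {r.strip() for g in groups if g not in INHERIT_FLAGS
                  for r in g.split(",")}
        findings.update((who, r) for r in rights & WRITE_RIGHTS)
    return sorted(findings)

# Constructed sample output of `icacls <dir>` for the two install locations.
ROOT_INSTALL = r"""c:\totalcmd BUILTIN\Administrators:(I)(OI)(CI)(F)
            NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
            BUILTIN\Users:(I)(OI)(CI)(RX)
            NT AUTHORITY\Authenticated Users:(I)(M)
            NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)

Successfully processed 1 files; Failed processing 0 files"""

PROGRAM_FILES_INSTALL = r"""C:\Program Files\totalcmd NT SERVICE\TrustedInstaller:(I)(F)
                          NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                          BUILTIN\Administrators:(I)(OI)(CI)(F)
                          BUILTIN\Users:(I)(RX)
                          BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)"""

if __name__ == "__main__":
    print(writable_by_untrusted(ROOT_INSTALL, r"c:\totalcmd"))
    print(writable_by_untrusted(PROGRAM_FILES_INSTALL, r"C:\Program Files\totalcmd"))
```

An empty result for the install folder is the state that installing under "Program Files" or write-protecting the existing folder is meant to produce.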