SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Lenovo PC Vendors:   Lenovo
Lenovo System Update Lets Local Users Gain System Privileges and Remote Users Bypass Certificate Validation
SecurityTracker Alert ID:  1032268
SecurityTracker URL:  http://securitytracker.com/id/1032268
CVE Reference:   CVE-2015-2219, CVE-2015-2233, CVE-2015-2234   (Links to External Site)
Updated:  Jul 21 2015
Original Entry Date:  May 6 2015
Impact:   Execution of arbitrary code via local system, Modification of system information, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.6.0.27 and prior
Description:   Several vulnerabilities were reported in Lenovo System Update. A local user can obtain system privileges on the target system. A remote user can bypass certificate validation on the target system.

The system uses a predictable security token for user access to the update mechanism [CVE-2015-2219]. A local user can predict the security token and supply the token to the System Update service (SUService.exe) to execute arbitrary commands on the target system with System privileges.

The system does not properly validate the CA certificate chain for Lenovo application updates [CVE-2015-2233]. A remote user with the ability to conduct man-in-the-middle attacks can bypass signature validation checks to replace Lenovo applications with arbitrary applications that will later be executed with System privileges.

The system downloads application updates to a world-writable directory [CVE-2015-2234]. A local user can replace a downloaded file after the signature verification has completed but before the file has been to gain administrative privileges.

The original advisory is available at:

http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf
http://www.ioactive.com/labs/advisories.html

Michael Milvich and Sofiane Talmat of IOActive reported these vulnerabilities.

Impact:   A local user can obtain system or administrative privileges on the target system.

A remote user can bypass certificate validation on the target system to cause arbitrary code to be executed on the target system.

Solution:   The vendor has issued a fix [in April 2015].

[Editor's note: On July 9, 2015, the vendor released a new version (5.06.0043) containing additional unspecified security fixes.]

The vendor's advisory is available at:

https://support.lenovo.com/us/en/product_security/lsu_privilege

Vendor URL:  support.lenovo.com/us/en/product_security/lsu_privilege (Links to External Site)
Cause:   Authentication error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 6 2015 (Lenovo Issues Fix for Lenovo ThinkVantage System Update) Lenovo System Update Lets Local Users Gain System Privileges and Remote Users Bypass Certificate Validation
Lenovo has issued a fix for Lenovo ThinkVantage System Update.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC