SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Lenovo ThinkVantage System Update Vendors:   Lenovo
(Lenovo Issues Fix for Lenovo ThinkVantage System Update) Lenovo System Update Lets Local Users Gain System Privileges and Remote Users Bypass Certificate Validation
SecurityTracker Alert ID:  1032269
SecurityTracker URL:  http://securitytracker.com/id/1032269
CVE Reference:   CVE-2015-2219, CVE-2015-2233, CVE-2015-2234   (Links to External Site)
Date:  May 6 2015
Impact:   Execution of arbitrary code via local system, Modification of system information, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.6.0.27 and prior
Description:   Several vulnerabilities were reported in Lenovo System Update. A local user can obtain system privileges on the target system. A remote user can bypass certificate validation on the target system. Lenovo ThinkVantage System Update is affected.

The system uses a predictable security token for user access to the update mechanism [CVE-2015-2219]. A local user can predict the security token and supply the token to the System Update service (SUService.exe) to execute arbitrary commands on the target system with System privileges.

The system does not properly validate the CA certificate chain for Lenovo application updates [CVE-2015-2233]. A remote user with the ability to conduct man-in-the-middle attacks can bypass signature validation checks to replace Lenovo applications with arbitrary applications that will later be executed with System privileges.

The system downloads application updates to a world-writable directory [CVE-2015-2234]. A local user can replace a downloaded file after the signature verification has completed but before the file has been to gain administrative privileges.

The original advisory is available at:

http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf
http://www.ioactive.com/labs/advisories.html

Michael Milvich and Sofiane Talmat of IOActive reported these vulnerabilities.

Impact:   A local user can obtain system or administrative privileges on the target system.

A remote user can bypass certificate validation on the target system to cause arbitrary code to be executed on the target system.

Solution:   Lenovo has issued a fix for Lenovo ThinkVantage System Update.

The Lenovo advisory is available at:

https://support.lenovo.com/us/en/product_security/lsu_privilege

Vendor URL:  support.lenovo.com/us/en/product_security/lsu_privilege (Links to External Site)
Cause:   Authentication error, State error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
May 6 2015 Lenovo System Update Lets Local Users Gain System Privileges and Remote Users Bypass Certificate Validation



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC