Vulnerabilities > CVE-2015-2234 - Race Condition vulnerability in Lenovo System Update 5.06.0027
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family | Windows |
NASL id | LENOVO_SU_5_6_0_34.NASL |
description | The version of Lenovo System Update installed on the remote host is prior to 5.06.0034. It is, therefore, affected by the following vulnerabilities : - A flaw exists in SUService.exe (System Update service) due to generating security tokens for a named pipe in a predictable manner. A local attacker, by sending a valid token, can exploit this flaw to execute commands to gain elevated privileges. (CVE-2015-2219) - A flaw exists due to a failure to properly validate the certificate authority chain when downloading updates. A man-in-the-middle attacker, using a crafted certificate, can exploit this flaw to inject malicious updates, thereby allowing the execution of arbitrary files. (CVE-2015-2233) - A flaw exists due to signature validation for updates occurring in a directory having world-writeable permissions. This can allow a local attacker to swap the update before it is installed and thereby gain elevated privileges. (CVE-2015-2234) Note that Nessus has not tested for these issues but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 83736 |
published | 2015-05-21 |
reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/83736 |
title | Lenovo System Update < 5.06.0034 Multiple Vulnerabilities |
code |
|
References
- http://securitytracker.com/id/1032268
- http://securitytracker.com/id/1032268
- http://support.lenovo.com/us/en/product_security/lsu_privilege
- http://support.lenovo.com/us/en/product_security/lsu_privilege
- http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf
- http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf
- http://www.securityfocus.com/bid/74634
- http://www.securityfocus.com/bid/74634