Details of VAR-201505-0141

ID

VAR-201505-0141

CVE

CVE-2015-2234

TITLE

Lenovo System Update Vulnerable to gaining privileges

Trust: 0.8

sources: JVNDB: JVNDB-2015-002674

DESCRIPTION

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. Lenovo System Update is prone to a local privilege-escalation vulnerability. A local attacker can exploit this vulnerability to gain elevated privileges. Lenovo System Update 5.6.0.27 and prior versions are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of system automatic update tools provided by China Lenovo (Lenovo), which includes device driver updates, Windows system patch updates, etc

Trust: 1.98

sources: NVD: CVE-2015-2234 // JVNDB: JVNDB-2015-002674 // BID: 74634 // VULHUB: VHN-80195

AFFECTED PRODUCTS

vendor:	lenovo	model:	system update	scope:	lte	version:	5.06.0027	Trust: 1.0
vendor:	lenovo	model:	system update	scope:	lt	version:	5.06.0034	Trust: 0.8
vendor:	lenovo	model:	system update	scope:	eq	version:	5.06.0027	Trust: 0.6
vendor:	lenovo	model:	system update	scope:	eq	version:	3.14	Trust: 0.3
vendor:	lenovo	model:	system update	scope:	eq	version:	3	Trust: 0.3

sources: BID: 74634 // JVNDB: JVNDB-2015-002674 // CNNVD: CNNVD-201505-103 // NVD: CVE-2015-2234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-2234
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-2234
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201505-103
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-80195
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-2234
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-80195
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-80195 // JVNDB: JVNDB-2015-002674 // CNNVD: CNNVD-201505-103 // NVD: CVE-2015-2234

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-80195 // JVNDB: JVNDB-2015-002674 // NVD: CVE-2015-2234

THREAT TYPE

local

Trust: 0.9

sources: BID: 74634 // CNNVD: CNNVD-201505-103

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201505-103

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002674

PATCH

title:

LEN-2015-011

url:

http://support.lenovo.com/us/en/product_security/lsu_privilege

Trust: 0.8

sources: JVNDB: JVNDB-2015-002674

EXTERNAL IDS

db:	NVD	id:	CVE-2015-2234	Trust: 2.8
db:	SECTRACK	id:	1032268	Trust: 1.7
db:	BID	id:	74634	Trust: 1.4
db:	JVNDB	id:	JVNDB-2015-002674	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-103	Trust: 0.7
db:	VULHUB	id:	VHN-80195	Trust: 0.1

sources: VULHUB: VHN-80195 // BID: 74634 // JVNDB: JVNDB-2015-002674 // CNNVD: CNNVD-201505-103 // NVD: CVE-2015-2234

REFERENCES

url:	http://support.lenovo.com/us/en/product_security/lsu_privilege	Trust: 1.7
url:	http://www.ioactive.com/pdfs/lenovo_system_update_multiple_privilege_escalations.pdf	Trust: 1.7
url:	http://securitytracker.com/id/1032268	Trust: 1.7
url:	http://www.securityfocus.com/bid/74634	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2234	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2234	Trust: 0.8
url:	http://www.lenovo.com/ca/en/	Trust: 0.3

sources: VULHUB: VHN-80195 // BID: 74634 // JVNDB: JVNDB-2015-002674 // CNNVD: CNNVD-201505-103 // NVD: CVE-2015-2234

CREDITS

Michael Milvich and Sofiane Talmat of IOActive

Trust: 0.3

sources: BID: 74634

SOURCES

db:	VULHUB	id:	VHN-80195
db:	BID	id:	74634
db:	JVNDB	id:	JVNDB-2015-002674
db:	CNNVD	id:	CNNVD-201505-103
db:	NVD	id:	CVE-2015-2234

LAST UPDATE DATE

2024-11-23T21:44:18.016000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-80195	date:	2017-01-03T00:00:00
db:	BID	id:	74634	date:	2015-05-15T00:12:00
db:	JVNDB	id:	JVNDB-2015-002674	date:	2015-05-18T00:00:00
db:	CNNVD	id:	CNNVD-201505-103	date:	2015-05-13T00:00:00
db:	NVD	id:	CVE-2015-2234	date:	2024-11-21T02:27:02.807

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-80195	date:	2015-05-12T00:00:00
db:	BID	id:	74634	date:	2015-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-002674	date:	2015-05-18T00:00:00
db:	CNNVD	id:	CNNVD-201505-103	date:	2015-05-13T00:00:00
db:	NVD	id:	CVE-2015-2234	date:	2015-05-12T19:59:15.027