Multiple vulnerabilities in Lenovo System Update

Описание

Multiple serious vulnerabilities have been found in Lenovo System Update. Malicious users can exploit these vulnerabilities to bypass security restrictions or gain privileges.

Below is a complete list of vulnerabilities

1. Lack of command piping restrictions can be exploited locally via named pipe manipulations;
2. Lack of file signatures verification can be exploited remotely via a specially designed executable files;
3. Lack of directory permissions restrictions can be exploited locally via a files manipulations.

Первичный источник обнаружения

• IOActive advisory
  Lenovo advisory
  

Связанные продукты

• Lenovo-System-Update

Список CVE

• CVE-2015-2234
  high
• CVE-2015-2233
  critical
• CVE-2015-2219
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com