Lenovo System Update < 5.06.0034 Multiple Vulnerabilities

high Nessus Plugin ID 83736

Synopsis

The remote Windows host contains an application that is affected by multiple vulnerabilities.

Description

The version of Lenovo System Update installed on the remote host is prior to 5.06.0034. It is, therefore, affected by the following vulnerabilities :

- A flaw exists in SUService.exe (System Update service) due to generating security tokens for a named pipe in a predictable manner. A local attacker, by sending a valid token, can exploit this flaw to execute commands to gain elevated privileges. (CVE-2015-2219)

- A flaw exists due to a failure to properly validate the certificate authority chain when downloading updates. A man-in-the-middle attacker, using a crafted certificate, can exploit this flaw to inject malicious updates, thereby allowing the execution of arbitrary files.
(CVE-2015-2233)

- A flaw exists due to signature validation for updates occurring in a directory having world-writeable permissions. This can allow a local attacker to swap the update before it is installed and thereby gain elevated privileges. (CVE-2015-2234)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Lenovo System Update 5.06.0034 or later.

See Also

https://support.lenovo.com/us/en/product_security/lsu_privilege

Plugin Details

Severity: High

ID: 83736

File Name: lenovo_su_5_6_0_34.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 5/21/2015

Updated: 7/12/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.2

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:lenovo:system_update

Required KB Items: installed_sw/Lenovo System Update

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/14/2015

Vulnerability Publication Date: 4/14/2015

Exploitable With

Metasploit (Lenovo System Update Privilege Escalation)

Reference Information

CVE: CVE-2015-2219, CVE-2015-2233, CVE-2015-2234

BID: 74634, 74642, 74649