SSL Certificate Validation Flaw in Lenovo System Update
CVE-2008-3249
Currently unrated
Summary
The Lenovo System Update tool prior to version 3.14 does not properly validate SSL certificates. A remote attacker can install arbitrary packages by using a compromised SSL certificate that resembles a legitimate one used by IBM. The result is unauthorized software installation, which exposes users to substantial risk of data breaches or malware propagation.
References
Timeline
Vulnerability published
Vulnerability Reserved