CVE-2015-2234

Currently unrated

Key Information:

Vendor: Lenovo
Status: System Update
Vendor: CVE Published:; 12 May 2015

Summary

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.

References

http://www.ioactive.com/pdfs/Lenovo_System_Update_Multipl...

x_refsource_MISC

http://support.lenovo.com/us/en/product_security/lsu_priv...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/74634

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 12, 2015
Vulnerability Reserved
Mar 6, 2015