Lenovo System Update < 5.06.0034 Multiple Vulnerabilities
High Nessus Plugin ID 83736
SynopsisThe remote Windows host contains an application that is affected by multiple vulnerabilities.
DescriptionThe version of Lenovo System Update installed on the remote host is prior to 5.06.0034. It is, therefore, affected by the following vulnerabilities :
- A flaw exists in SUService.exe (System Update service) due to generating security tokens for a named pipe in a predictable manner. A local attacker, by sending a valid token, can exploit this flaw to execute commands to gain elevated privileges. (CVE-2015-2219)
- A flaw exists due to a failure to properly validate the certificate authority chain when downloading updates. A man-in-the-middle attacker, using a crafted certificate, can exploit this flaw to inject malicious updates, thereby allowing the execution of arbitrary files.
- A flaw exists due to signature validation for updates occurring in a directory having world-writeable permissions. This can allow a local attacker to swap the update before it is installed and thereby gain elevated privileges. (CVE-2015-2234)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Lenovo System Update 5.06.0034 or later.