Dira v Lenovo Solution Center

Puppy · Příspěvek od **Puppy** » 08 pro 2015 22:13

Okamzite odinstalujte Lenovo Solution Center, dira jak vrata :shock:

Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF https://www.kb.cert.org/vuls/id/294607

Impact

By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges.

Lenovo Security Advisory: LEN-4326 https://support.lenovo.com/us/en/produc ... y/len_4326

Zajimalo by me kam chodi na tu "sw architekturu", protoze tohle neni uz jen bezna chyba co se stane, tohle je absolutne nesmyslne navrzene cele, podle toho popisu.

Puppy · Příspěvek od **Puppy** » 11 pro 2015 10:40

Udajne je to opravene https://forums.lenovo.com/t5/Security-M ... true#M2250

The patched version 2.8.006 and 3.2.002 are released today for self update through LSC and should be available for download via the support site soon - perhaps as early as tommorow.

Python.P · Příspěvek od **Python.P** » 15 pro 2015 00:05

Článek na LBCZ bude zítra, respektive dnes. Holt jsme čekali na ofiko vyjádření Lenova...