|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 4421 CVE : CVE-2008-4589 CWE : CWE-119 SecurityRisk : High  (About) Remote Exploit : No Local Exploit : Yes Victim interaction required : No Exploit Available : No Credit : Chris Clark Published : 18.10.2008
Advisory Content : iSEC Partners Security Advisory - 2008-002-lenovornr https://www.isecpartners.com -------------------------------------------- Lenovo Rescue and Recovery Local Kernel Overflow Vendor: Lenovo Vendor URL: http://www.lenovo.com Versions affected: 4.20 Systems Affected: Windows XP, Windows Vista Severity: Medium (Local Privilege Escalation) Authors: Chris Clark <cclark[at]isecpartners[dot]com> Rachel Engel <rachel[at]isecpartners[dot]com> Vendor notified: Yes Public release: 10/10/08 Advisory URL: https://www.isecpartners.com/advisories/2008-02-lenovornr.txt Summary: -------- Lenovo Rescue and Recovery monitors system changes and enables users to quickly restore their systems in the event of failure. One component of the Rescue and Recovery system is a file system filter driver which monitors new file writes/reads. There is a heap overflow in the file system filter kernel driver which could allow an attacker to overwrite kernel memory leading to elevation of privilege. Details: -------- The tvtumon.sys driver serves as a file system filter driver which monitors for file creation or changes. Recent lookups are cached within a kernel lookaside list. If an overly long filename is passed through the filesystem, then a buffer within the lookaside list will overflow, leading to kernel memory corruption. A low privileged user can trigger this corruption from user mode and potentially escalate privileges to act as part of the kernel. In the (unlikely) event that a web browser plugin allows opening of long filenames, there is a chance the corruption could be triggered through a web page. Fix Information: ---------------- Lenovo has issued a patch and advisory: http://www-307.ibm.com/pc/support/site.wss/MIGR-70699.html http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html Thanks to: ---------- Dave Challener, Derek Callaway, Troy Bollinger About iSEC Partners: -------------------- iSEC Partners is a full-service security consulting firm that provides penetration testing, secure systems development, security education and software design verification, with offices in San Francisco, Seattle, and Ewa Beach. https://www.isecpartners.com info (at) isecpartners (dot) com [email concealed] References : http://www.securityfocus.com/bid/31737
http://www-307.ibm.com/pc/support/site.wss/MIGR-70699.html
http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html
http://xforce.iss.net/xforce/xfdb/45839
http://www.securitytracker.com/id?1021041
http://www.securityfocus.com/archive/1/archive/1/497277/100/0/threaded
http://www.isecpartners.com/advisories/2008-02-lenovornr.txt
http://www.frsirt.com/english/advisories/2008/2806
http://secunia.com/advisories/32252  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |