On computers Lenovo, Dell and Toshiba once again found software that defects could expose user data in danger, but also on other unpleasant effects. Holes in the software have been disclosed by Slipstream and CERN.
Detected “imperfections” software these producers are considered quite serious, especially when it comes to Lenovo in for which it is possible to remotely execute code with the privileges at the operating system itself.
Lenovo computers discovered that the application Lenovo Solution Center creates a process called LSCTaskService that works with full administrator privileges and runs a web server listening on By 55,555th port instructions via the HTTP GET and POST code can be performed from within a folder accessible to the currently logged in user. In addition, Lenovo Solution Center can run, also with full privileges, any applications placed in a folder on a data carrier accessible to the user. Just drop him a malicious program and therefore it will run with administrator rights. Another security hole in a CSRF (Cross-Site Request Forgery) located in the already mentioned process LSCTaskService, allowing it to any of you visit websites can send commands to a running local Web server, which again will be done with full privileges.
Dell computers can be found Dell System Software Detect, which as a result of errors developers may be forced to obtain root privileges and execute commands. For this you need is called. security token, which as it turns out, can be downloaded from the website www.dell.com. That token gives Dell the right to Detect System installation manual, but can also be used to run applications with administrative privileges. According SlipStream this hole can be used to fully penetrate the computer.
Toshiba on their computers to install while Service Station, so the software that users without administrative privileges, and malware can be used to read a large part of the Windows Registry as a user with system-level privileges.
Currently, the only solution to the problem is to uninstall these programs. In the case of the Lenovo Solution Center, the matter can also get the same closure application.
No comments:
Post a Comment