CVE-2015-2234 Information

Description

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory which allows local users to gain privileges by writing to an update file after the signature is validated.

Reference

http://securitytracker.com/id/1032268 http://support.lenovo.com/us/en/product_security/lsu_privilege http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf http://www.securityfocus.com/bid/74634