TITLE:
Lenovo Rescue and Recovery "tvtumon.sys" Privilege Escalation

SECUNIA ADVISORY ID:
SA32252

VERIFY ADVISORY:
http://secunia.com/advisories/32252/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Lenovo Rescue and Recovery 4.x
http://secunia.com/advisories/product/20143/

DESCRIPTION:
A vulnerability has been reported in Lenovo Rescue and Recovery, which
can potentially be exploited by malicious, local users to gain
escalated privileges.

The vulnerability is caused by a boundary error within the
"tvtumon.sys" kernel driver when processing overly long file names.
This can be exploited to cause a heap-based buffer overflow and
potentially execute arbitrary code with escalated privileges by
passing a specially crafted file name through the file system.

The vulnerability is reported in version 4.20.0512 for Windows Vista
and 4.20.0511 for Windows XP and 2000.

SOLUTION:
Update to version 4.21.
http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html

PROVIDED AND/OR DISCOVERED BY:
Chris Clark and Rachel Engel, iSEC Partners

ORIGINAL ADVISORY:
iSEC Partners:
https://www.isecpartners.com/advisories/2008-02-lenovornr.txt

Lenovo:
http://www-307.ibm.com/pc/support/site.wss/MIGR-70699.html
http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html