Lenov-lol, a load of Tosh, and what the Dell? More bad holes found in PC makers' bloatware


LabZero

Thread author
Visit evil webpage – lose control of your computer

In brief Lenovo laptops and PCs can be hijacked by visiting a malicious website – and Dell and Toshiba machines suffer vulnerabilities, too, we're told.

If you're running the Lenovo Solution Center bundled with Lenovo gear, and you browse by an evil webpage, scripts on that page can run code with full system privileges on your computer, allowing them to install malware, spy on you, and cause other havoc. Any programs or software nasties already on your machine can exploit Lenovo Solution Center to gain admin access, and therefore full control, without you lifting a finger.

The vulnerabilities were discovered by infosec bod Slipstream – previously on these pages for discovering security holes in Dell and UK school IT admin software. The US CERT has issued an alert about the Lenovo holes, and the Chinese giant has urged people to uninstall its Solution Center as soon as possible.

"By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges," said CERT, which is backed by the US Department of Homeland Security.

"The CERT/CC is currently unaware of a practical solution to this problem. However, please consider the following workaround: uninstall Lenovo Solution Center to prevent exploitation of these vulnerabilities. Closing any running instance of Lenovo Solution Center also prevents exploitation."

You can fetch exploit binaries and source code, written in D, for the holes here if you want to see for yourself how terrible multimillion-dollar outfits Lenovo, Dell and Toshiba are at secure programming – bear in mind you'll be treated to a cute retro-demoscene-esque intro with audio while fetching the .zip.

Here's a round up of the bugs, according to CERT and Slipstream:

  • Lenovo...
    • Lenovo Solution Center creates a process called LSCTaskService that runs with full administrator rights, and fires up a web server on port 55555. It can be instructed via GET and POST HTTP requests to execute code in a directory a local user can access.
    • Lenovo Solution Center will execute, again with full privileges, programs found in an arbitrary location on disk where the user can write to. Put some bad software in there, and it will be executed with admin rights.
    • A classic cross-site request forgery (CSRF) vulnerability exists in the LSCTaskService process, allowing any visited webpage to pass commands to the local web server to execute with full privileges.
  • Dell's bundled utility Dell System Detect can be made to gain admin privileges and execute arbitrary commands – by feeding it a security token downloaded from, er, dell.com: a token granting Dell System Detect permission to install manuals can be abused to execute programs (such as malware) with admin privileges. This can be exploited by software on your computer to fully compromise the machine.
  • Toshiba's bundled Service Station tool can be abused by normal users and unprivileged software to read the majority of the operating system's registry as a SYSTEM-level user.
Lenovo has only just got round to patching holes in its System Update utility. It was previously this year caught up in a bloatware security blunder, as was Dell. ®
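Added example, not part of the original post or article and not Lenovo's code: a sketch of the request checks a privileged loopback HTTP service like the one on port 55555 would need before acting on a command, so that a visited webpage cannot drive it. The header name `X-Session-Token`, the function `check_request` and the sample requests are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlsplit

PORT = 55555  # port named in the article; all other names here are hypothetical
ALLOWED_HOSTS = {f"127.0.0.1:{PORT}", f"localhost:{PORT}"}
SESSION_TOKEN = secrets.token_hex(32)  # assumed to be shared only with the local UI

def check_request(method, headers, peer_ip):
    """Decide whether a privileged loopback service should act on a request."""
    h = {k.lower(): v for k, v in headers.items()}
    if peer_ip not in ("127.0.0.1", "::1"):
        return False, "non-loopback peer"
    # Host must name the listener itself, which defeats DNS rebinding.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "unexpected Host"
    # Commands never ride on GET, which an <img> tag on any page can send.
    if method != "POST":
        return False, "method not allowed"
    # Browsers attach Origin to cross-site POSTs; a foreign value is a forgery.
    origin = h.get("origin")
    if origin is not None:
        parts = urlsplit(origin)
        if parts.scheme != "http" or parts.netloc.lower() not in ALLOWED_HOSTS:
            return False, "cross-origin request"
    # A remote page cannot read the secret, so it cannot supply this header.
    token = h.get("x-session-token", "")
    if not hmac.compare_digest(token.encode(), SESSION_TOKEN.encode()):
        return False, "bad or missing token"
    return True, "ok"

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "forged_form_post": ("POST", {"Host": "127.0.0.1:55555",
                                  "Origin": "http://evil.example"}),
    "forged_img_get": ("GET", {"Host": "localhost:55555"}),
    "dns_rebinding": ("POST", {"Host": "evil.example:55555"}),
    "legit_local_ui": ("POST", {"Host": "127.0.0.1:55555",
                                "Origin": "http://127.0.0.1:55555",
                                "X-Session-Token": SESSION_TOKEN}),
}

def demo():
    """Run every constructed sample as if it arrived from the local browser."""
    return {n: check_request(m, h, "127.0.0.1") for n, (m, h) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

These checks address only the CSRF bullet; they do nothing about the service executing programs from a user-writable directory, which needs a separate fix.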
 

upnorth

Liked the sploit site as it reminded me of old keygens that many times came along with great tunes.
 

DracusNarcrym

Liked the sploit site as it reminded me of old keygens that many times came along with great tunes.
We're playing with fire for mentioning piracy here... but some keygens have amazing 8-bit tunes. :D
Number 1 task when getting a new computer with pre-installed software (bloatware): Remove that software. :D
 

Rishi

Now I feel lucky I don't use any of those brands, and unlucky as my home laptop belongs to a series whose network adapter prevented Win 10 from downloading worldwide. I happened to have a different adapter, it missed by a whisker, and now the Win 10 download nag screen persists. :rolleyes::rolleyes:
 

jamescv7

Does it make us surprised at those unending incidents? That's what we call back-end tactics and techniques run throughout those bundled programs. Honestly, they are useful in the first place; however, the lack of quality control and abuse of partnerships tends to take customers for granted.

All OEM laptops contain bundled programs; it's all about how we choose the lesser evil. ;)
 

jackuars

Pretty sure that no company has a 100% track record; things will start to be revealed one by one. At present I am quite glad with Lenovo Z51-70.
 