Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4589

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-4589
Last Modified 07 Mar 2011 10:12:42
Published 15 Oct 2008 06:45:31
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-4589

Summary

Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.

Vulnerable Systems

Application

  • Lenovo Resuce And Recovery 4.20

  • Lenovo Resuce And Recovery 4.20.0511

  • Lenovo Resuce And Recovery 4.20.0512


References

BID - 31737

CONFIRM - http://www-307.ibm.com/pc/support/site.wss/MIGR-70699.html

CONFIRM - http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html

XF - lenovo-rescue-recovery-tvtumin-bo(45839)

VUPEN - ADV-2008-2806

SECTRACK - 1021041

BUGTRAQ - 20081010 iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20

MISC - http://www.isecpartners.com/advisories/2008-02-lenovornr.txt

SREASON - 4421

SECUNIA - 32252


Last Updated: 27 May 2016 10:48:33