Posted on Monday, August 26 2019 @ 9:53 CEST by Thomas De Maesschalck
The Register
reports security researchers discovered an elevation or privilege vulnerability in the Lenovo Solution Centre (LSC), a tool that's been pre-installed on most Lenovo computers since 2011. All versions of the tool are vulnerable and users are advised to uninstall Lenovo Solution Centre.
"The bug itself is a DACL (discretionary access control list) overwrite, which means that a high-privileged Lenovo process indiscriminately overwrites the privileges of a file that a low-privileged user is able to control," PTP explained. "In this scenario, a low-privileged user can write a 'hardlink' file to the controllable location – a pseudofile which really points to any other file on the system that the low-privileged user doesn't have control of."
