Sign-up

ID

VAR-200810-0061


CVE

CVE-2008-4589


TITLE

Lenovo Rescue and Recovery Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2008-004952

DESCRIPTION

Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name. Lenovo Rescue and Recovery is prone to a heap-based overflow vulnerability. A successful exploit of this vulnerability can allow a local attacker to completely compromise the affected computer. Lenovo Rescue and Recover 4.20 is vulnerable. Lenovo Rescue and Recovery is a one-click disaster recovery solution developed by Lenovo in China. The tvtumon.sys driver used by Lenovo Rescue and Recovery monitors file creation and changes. The latest queries are cached in the kernel lookaside list. If an overlong file name is sent to the file system, the buffer in the lookaside list will overflow, resulting in kernel memory corruption. A low-privilege user can trigger this destruction from userland, elevating privileges to perform kernel operations. It is also possible to trigger this overflow through web pages in the special case of web browser plugins that allow opening extremely long filenames. ---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Lenovo Rescue and Recovery "tvtumon.sys" Privilege Escalation SECUNIA ADVISORY ID: SA32252 VERIFY ADVISORY: http://secunia.com/advisories/32252/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Lenovo Rescue and Recovery 4.x http://secunia.com/advisories/product/20143/ DESCRIPTION: A vulnerability has been reported in Lenovo Rescue and Recovery, which potentially can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a boundary error within the "tvtumin.sys" kernel driver when processing overly long file names. The vulnerability is reported in version 4.20.0512 for Windows Vista and 4.20.0511 for Windows XP and 2000. SOLUTION: Update to version 4.21. http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html PROVIDED AND/OR DISCOVERED BY: Chris Clark and Rachel Engel, iSEC Partners ORIGINAL ADVISORY: iSEC Partners: https://www.isecpartners.com/advisories/2008-02-lenovornr.txt Lenovo: http://www-307.ibm.com/pc/support/site.wss/MIGR-70699.html http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-4589 // JVNDB: JVNDB-2008-004952 // BID: 31737 // VULHUB: VHN-34714 // PACKETSTORM: 70923

AFFECTED PRODUCTS

vendor:lenovomodel:resuce and recoveryscope:eqversion:4.20.0512

Trust: 1.6

vendor:lenovomodel:resuce and recoveryscope:eqversion:4.20.0511

Trust: 1.6

vendor:lenovomodel:resuce and recoveryscope:eqversion:4.20

Trust: 1.6

vendor:lenovomodel:resuce and recoveryscope:eqversion:4.20.0511 previous 4.20

Trust: 0.8

vendor:lenovomodel:resuce and recoveryscope:eqversion:and 4.20.0512

Trust: 0.8

vendor:lenovomodel:rescue and recoveryscope:eqversion:4.20

Trust: 0.3

vendor:lenovomodel:rescue and recoveryscope:neversion:4.21

Trust: 0.3

sources: BID: 31737 // JVNDB: JVNDB-2008-004952 // CNNVD: CNNVD-200810-284 // NVD: CVE-2008-4589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-4589
value: HIGH

Trust: 1.0

NVD: CVE-2008-4589
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200810-284
value: HIGH

Trust: 0.6

VULHUB: VHN-34714
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-4589
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-34714
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-34714 // JVNDB: JVNDB-2008-004952 // CNNVD: CNNVD-200810-284 // NVD: CVE-2008-4589

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-34714 // JVNDB: JVNDB-2008-004952 // NVD: CVE-2008-4589

THREAT TYPE

local

Trust: 1.0

sources: BID: 31737 // PACKETSTORM: 70923 // CNNVD: CNNVD-200810-284

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200810-284

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-004952

PATCH
title:Rescue and Recoveryurl:http://support.lenovo.com/en_US/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-004952

EXTERNAL IDS
db:NVDid:CVE-2008-4589
Trust: 2.8
db:BIDid:31737
Trust: 2.0
db:SECUNIAid:32252
Trust: 1.8
db:SECTRACKid:1021041
Trust: 1.7
db:VUPENid:ADV-2008-2806
Trust: 1.7
db:SREASONid:4421
Trust: 1.7
db:JVNDBid:JVNDB-2008-004952
Trust: 0.8
db:XFid:45839
Trust: 0.6
db:BUGTRAQid:20081010 ISEC PARTNERS SECURITY ADVISORY - 2008-002-LENOVORNR - LENOVO RESCUE AND RECOVERY 4.20
Trust: 0.6
db:CNNVDid:CNNVD-200810-284
Trust: 0.6
db:VULHUBid:VHN-34714
Trust: 0.1
db:PACKETSTORMid:70923
Trust: 0.1
sources:
            
            
            VULHUB: VHN-34714 // 
            
            
            
            BID: 31737 // 
            
            
            
            JVNDB: JVNDB-2008-004952 // 
            
            
            
            PACKETSTORM: 70923 // 
            
            
            
            CNNVD: CNNVD-200810-284 // 
            
            
            
            NVD: CVE-2008-4589

REFERENCES
url:http://www-307.ibm.com/pc/support/site.wss/migr-70699.html
Trust: 2.1
url:http://www-307.ibm.com/pc/support/site.wss/migr-4q2qak.html
Trust: 1.8
url:http://www.isecpartners.com/advisories/2008-02-lenovornr.txt
Trust: 1.8
url:http://www.securityfocus.com/bid/31737
Trust: 1.7
url:http://www.securitytracker.com/id?1021041
Trust: 1.7
url:http://secunia.com/advisories/32252
Trust: 1.7
url:http://securityreason.com/securityalert/4421
Trust: 1.7
url:http://www.securityfocus.com/archive/1/497277/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/2806
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/45839
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4589
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4589
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/45839
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/497277/100/0/threaded
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/2806
Trust: 0.6
url:http://www.pc.ibm.com/us/think/thinkvantagetech/rescuerecovery.html
Trust: 0.3
url:/archive/1/497277
Trust: 0.3
url:http://secunia.com/binary_analysis/sample_analysis/
Trust: 0.1
url:http://secunia.com/advisories/32252/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/product/20143/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-34714 // 
            
            
            
            BID: 31737 // 
            
            
            
            JVNDB: JVNDB-2008-004952 // 
            
            
            
            PACKETSTORM: 70923 // 
            
            
            
            CNNVD: CNNVD-200810-284 // 
            
            
            
            NVD: CVE-2008-4589

CREDITS
Chris Clark※ cclark@isecpartners.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200810-284

SOURCES
db:VULHUBid:VHN-34714
db:BIDid:31737
db:JVNDBid:JVNDB-2008-004952
db:PACKETSTORMid:70923
db:CNNVDid:CNNVD-200810-284
db:NVDid:CVE-2008-4589

LAST UPDATE DATE
2025-04-10T23:07:12.208000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-34714date:2018-10-11T00:00:00
db:BIDid:31737date:2015-05-07T17:22:00
db:JVNDBid:JVNDB-2008-004952date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200810-284date:2009-01-29T00:00:00
db:NVDid:CVE-2008-4589date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-34714date:2008-10-15T00:00:00
db:BIDid:31737date:2008-10-13T00:00:00
db:JVNDBid:JVNDB-2008-004952date:2012-09-25T00:00:00
db:PACKETSTORMid:70923date:2008-10-15T06:24:30
db:CNNVDid:CNNVD-200810-284date:2008-10-15T00:00:00
db:NVDid:CVE-2008-4589date:2008-10-15T22:45:31.350