In association with heise online

09 February 2010, 14:56

Security update for LANDesk Management Gateway

An error in the web interface of the LANDesk Management Gateway allows an attacker to inject commands of their own, which are passed to the shell of the underlying system and run with root privileges. According to the appliance manufacturer, the affected versions are 4.0-1.48 and 4.2-1.8.

The software update GSBWEB_61 closes the hole. According to Core Security, which discovered the problem, the flaw can only be exploited in conjunction with cross-site request forgery (CSRF). Its advisory therefore describes not only the command injection vulnerability, but also the CSRF vulnerability and a cross-site scripting vulnerability.

(djwm)

Permalink: http://h-online.com/-925575
 

