===================================================================== CERT-Renater Note d'Information No. 2010/VULN473 _____________________________________________________________________ DATE : 19/11/2010 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running LANDesk Management Gateway versions 4.0-1.48, 4.2-1.8. ====================================================================== http://community.landesk.com/support/docs/DOC-21767 ______________________________________________________________________ 11-10-2010 Vulnerability in the LANDesk Management Gateway Created on: Nov 10, 2010 12:01 PM by Jed - Last Modified: Nov 11, 2010 10:10 AM by Jed Problem: A vulnerability in one of the LANDesk Management Gateway pages allows an attacker to perform command injection under certain circumstances. This vulnerability could lead to arbitrary commands to be executed under the root context. Versions 4.0-1.48 & 4.2-1.8 of the LANDesk Management Gateway appliance are affected by this flaw. FIX: LANDesk has released fixes for versions 4.0 & 4.2 products. Please apply GSBWEB_62 to your LANDesk Management Gateway to resolve this problem. Please note these patches are only available through the patch download page on the LANDesk Management Gateway. Special note: LANDesk would like to thank Aureliano Calvo from Core Security Technologies for bring this to our attention. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================