LANDesk Management Gateway Multiple Security Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

The following example commands may be injected into the vulnerable parameter:

'a; sudo /subin/firewall stop'
'a; sudo /subin/modprobe /tmp/a_module'

The following proof-of-concept code is available:


 

Privacy Statement
Copyright 2010, SecurityFocus