Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: The Landesk web application does not sufficiently verify if a well-formed request was provided by the user who submitted the request. Using this information an external remote attacker can run arbitrary code using the 'gsbadmin' user (that is the user running the web-server). In order to be able to successfully make the attack, the administrator must be logged in to the appliance with the browser that the attacker uses to make the attack (for instance, exploiting a XSS in a different tab in the browser).
3dc2b0c9c31c4becfd753be92f87f46eef1496e094193a2f7775f7b49bd1734b
Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery which allows an external remote attacker to make a command injection that can be used to execute arbitrary code using the webserver user. As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS.
503f2b9ce130e8c9fd7df36be1f7004846c5609f67a25cc3666a370cdbd97a49