Sign-up

ID

VAR-201011-0175


CVE

CVE-2010-2892


TITLE

LANDesk Management Gateway of gsb/drivers.php Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-002985

DESCRIPTION

gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack. LANDesk Management Gateway is prone to a remote command-execution vulnerability because the appliance fails to adequately sanitize user-supplied input. Successful exploitation may allow an attacker to execute arbitrary commands and completely compromise the device. LANDesk Management Gateway 4.0-1.48, 4.2-1.8, 4.0-1.61s and 4.2-1.61 versions are affected. Landesk Management Suite is a network management system that controls desktops, servers, and mobile devices, among others. The vulnerability has been confirmed through a cross-site request forgery attack. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: LANDesk Management Gateway Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42188 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42188/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42188 RELEASE DATE: 2010-11-12 DISCUSS ADVISORY: http://secunia.com/advisories/42188/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42188/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42188 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in LANDesk Management Gateway, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. inject and execute arbitrary shell commands if a logged-in administrator visits a specially crafted web site. The vulnerability is reported in versions 4.2 GSBWEB v1.61 and 4.0 GSBWEB v1.61s. SOLUTION: Apply patch GSBWEB_62. PROVIDED AND/OR DISCOVERED BY: Aureliano Calvo, Core Security Technologies ORIGINAL ADVISORY: LANDesk: http://community.landesk.com/support/docs/DOC-21767 Core Security Technologies: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-2892 // JVNDB: JVNDB-2010-002985 // BID: 44781 // VULHUB: VHN-45497 // PACKETSTORM: 95763

AFFECTED PRODUCTS

vendor:landeskmodel:management gatewayscope:eqversion:4.2-1.8

Trust: 1.6

vendor:landeskmodel:management gatewayscope:eqversion:4.0

Trust: 1.6

vendor:landeskmodel:management gatewayscope:eqversion:4.2

Trust: 1.6

vendor:landeskmodel:management gatewayscope:eqversion:4.0-1.48

Trust: 1.6

vendor:landeskmodel:management gatewayscope:eqversion:4.0 to 4.0-1.48 and 4.2 to 4.2-1.8

Trust: 0.8

vendor:landeskmodel:software landesk management gatewayscope:eqversion:4.2-1.8

Trust: 0.3

vendor:landeskmodel:software landesk management gatewayscope:eqversion:4.2-1.61

Trust: 0.3

vendor:landeskmodel:software landesk management gateway 4.0-1.61sscope: - version: -

Trust: 0.3

vendor:landeskmodel:software landesk management gatewayscope:eqversion:4.0-1.48

Trust: 0.3

vendor:landeskmodel:software landesk management gatewayscope:neversion:4.2-1.62

Trust: 0.3

vendor:landeskmodel:software landesk management gatewayscope:neversion:4.0-1.62

Trust: 0.3

sources: BID: 44781 // JVNDB: JVNDB-2010-002985 // CNNVD: CNNVD-201011-161 // NVD: CVE-2010-2892

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2892
value: HIGH

Trust: 1.0

NVD: CVE-2010-2892
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201011-161
value: HIGH

Trust: 0.6

VULHUB: VHN-45497
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-2892
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-45497
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-45497 // JVNDB: JVNDB-2010-002985 // CNNVD: CNNVD-201011-161 // NVD: CVE-2010-2892

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-45497 // JVNDB: JVNDB-2010-002985 // NVD: CVE-2010-2892

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-161

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201011-161

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-002985

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-45497

PATCH
title:Top Pageurl:http://www.landesk.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-002985

EXTERNAL IDS
db:NVDid:CVE-2010-2892
Trust: 2.8
db:BIDid:44781
Trust: 2.0
db:SECUNIAid:42188
Trust: 1.8
db:EXPLOIT-DBid:15488
Trust: 1.7
db:VUPENid:ADV-2010-2957
Trust: 1.7
db:SECTRACKid:1024728
Trust: 1.7
db:JVNDBid:JVNDB-2010-002985
Trust: 0.8
db:CNNVDid:CNNVD-201011-161
Trust: 0.7
db:BUGTRAQid:20101110 CORE-2010-1018 - LANDESK OS COMMAND INJECTION
Trust: 0.6
db:PACKETSTORMid:95743
Trust: 0.1
db:SEEBUGid:SSVID-70188
Trust: 0.1
db:VULHUBid:VHN-45497
Trust: 0.1
db:PACKETSTORMid:95763
Trust: 0.1
sources:
            
            
            VULHUB: VHN-45497 // 
            
            
            
            BID: 44781 // 
            
            
            
            JVNDB: JVNDB-2010-002985 // 
            
            
            
            PACKETSTORM: 95763 // 
            
            
            
            CNNVD: CNNVD-201011-161 // 
            
            
            
            NVD: CVE-2010-2892

REFERENCES
url:http://community.landesk.com/support/docs/doc-21767
Trust: 2.1
url:http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability
Trust: 2.1
url:http://www.securityfocus.com/bid/44781
Trust: 1.7
url:http://www.exploit-db.com/exploits/15488
Trust: 1.7
url:http://securitytracker.com/id?1024728
Trust: 1.7
url:http://secunia.com/advisories/42188
Trust: 1.7
url:http://www.vupen.com/english/advisories/2010/2957
Trust: 1.7
url:http://www.securityfocus.com/archive/1/514728/100/0/threaded
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2892
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2892
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/514728/100/0/threaded
Trust: 0.6
url:http://www.landesk.com/products/ldmga/index.aspx
Trust: 0.3
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42188
Trust: 0.1
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/products/corporate/vim/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/42188/
Trust: 0.1
url:http://secunia.com/advisories/42188/#comments
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-45497 // 
            
            
            
            BID: 44781 // 
            
            
            
            JVNDB: JVNDB-2010-002985 // 
            
            
            
            PACKETSTORM: 95763 // 
            
            
            
            CNNVD: CNNVD-201011-161 // 
            
            
            
            NVD: CVE-2010-2892

CREDITS
Aureliano Calvo
Trust: 0.3
sources:
            
            
            BID: 44781

SOURCES
db:VULHUBid:VHN-45497
db:BIDid:44781
db:JVNDBid:JVNDB-2010-002985
db:PACKETSTORMid:95763
db:CNNVDid:CNNVD-201011-161
db:NVDid:CVE-2010-2892

LAST UPDATE DATE
2025-04-11T23:14:54.837000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-45497date:2018-10-10T00:00:00
db:BIDid:44781date:2010-11-12T17:27:00
db:JVNDBid:JVNDB-2010-002985date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201011-161date:2010-11-17T00:00:00
db:NVDid:CVE-2010-2892date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-45497date:2010-11-15T00:00:00
db:BIDid:44781date:2010-11-10T00:00:00
db:JVNDBid:JVNDB-2010-002985date:2012-03-27T00:00:00
db:PACKETSTORMid:95763date:2010-11-12T08:00:00
db:CNNVDid:CNNVD-201011-161date:2010-11-17T00:00:00
db:NVDid:CVE-2010-2892date:2010-11-15T21:00:03.813