Important note for LANDesk Management Gateway Users

Posted by dthompkins on March 8, 2010 under LANDesk | 2 Comments to Read

Hello everyone — I am a massive fan of the LANDesk gateway, having come from the days of instant support suite (ISS), which is the technology the GSB is based on.  There is an important security vulnerability that needs to be addressed.  I’ll make best efforts to post these important messages on this blog in a more timely manner ~

Description:

An error in the web interface of the LANDesk Management Gateway can be used by an attacker to create their own commands and pass them to the shell of the underlying system to be run with root privileges. The affected versions of the Gateway are 4.0-1.48 and 4.2-1.8.

The version can be found in the Gateway’s Console section in the About Tab.

Versions Available:

  • There is a patch available for the 4.0-1.48 version of the Gateway.
    •  
     
     

  • There is a patch available for the 4.2-1.8 version of the Gateway.

    •  

 

Resolution:

To Download and install the Patch on a LANDesk Management Gateway:
  1. Login to the Gateway’s web console – https://gatewayname/gsb
  2. Select the System section on the left sidebar.
  3. Click on the Update tab.
  4. Click on the “Scan For Updates” Button.
  5. When the Scan is complete the update should show up in the list with a vulid containing “GSBWEB”.
  6. Click on the “Apply” option.

The offical LANDesk Link can be found on the community website:

http://community.landesk.com/support/docs/DOC-8456

Share: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • LinkedIn
  • TwitThis

Tags: ,

  • Jim said,

    LANDesk is a great product!

  • dthompkins said,

    Indeed it is, and LANDesk has continued to ensure that it is secure and fully capable for the enterprise ~

Add A Comment

home top