A vulnerability in one of the LANDesk Management Gateway pages allows an attacker to perform command injection under certain circumstances. This vulnerability could lead to arbitrary commands to be executed under the root context. Versions 4.0-1.48 & 4.2-1.8 of the LANDesk Management Gateway appliance are affected by this flaw.
LANDesk has released fixes for versions 4.0 & 4.2 products. Please apply GSBWEB_61 to your LANDesk Management Gateway to resolve this problem. Please note these patches are only available through the patch download page on the LANDesk Management Gateway.
LANDesk would like to thank Aureliano Calvo and Adrian Manrique from Core Security Technologies for bring this to our attention.