CVSS: 8.5 • EPSS: 2% • CPEs: 4 • EXPL: 4

gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack.

• https://www.exploit-db.com/exploits/15488
• http://community.landesk.com/support/docs/DOC-21767
• http://secunia.com/advisories/42188
• http://securitytracker.com/id?1024728
• http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability
• http://www.exploit-db.com/exploits/15488
• http://www.securityfocus.com/archive/1/514728/100/0/threaded
• http://www.securityfocus.com/bid/44781
• http://www.vupen.com/english/advisories/2010/2957

• CWE-20: Improper Input Validation