Landesk Gateway Web Interface Command Injection Exploit

The LANDesk web application does not sufficiently verify if a well-formed request was created by the user whose browser submitted the request. Using this flaw an external remote attacker can use a Cross-site Request Forgery attack via a user with a LANDesk session to run arbitrary code using the gsbadmin user (that is the user running the web-server), the gsbadmin user has sudo privileges.
Exploit type: 
Vulnerabilty ID: 
Released Date: 
Wednesday, January 12, 2011 - 18:00