|Check Point Reference:||CPAI-2012-247|
|Date Published:||11 Jun 2012|
|Protection Provided by:||
|Who is Vulnerable?||LANDesk Lenovo ThinkManagement Suite 9.0.3 and prior|
|Vulnerability Description||A directory traversal vulnerability has been reported in LANDesk Lenovo ThinkManagement Suite.|
|Vulnerability Details||The vulnerability is due to insufficient validation of user input while processing specially crafted SOAP requests. A remote attacker may exploit this issue by sending a specially crafted SOAP request to the target server. Successful exploitation could allow an attacker to create and overwrite files on the server, which may result in arbitrary code execution.|
This protection will detect and block the transferring of a malicious message to the target server.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
SmartView Tracker will log the following entries:
Attack Name: LANDesk Management Suite Enforcement
Attack Information: LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal