Multiple vulnerabilities found in Kaspersky Lab's Anti-Virus for Linux File Server

People expect their anti-virus to protect them from malware and exploits but sometimes, even these products have their own vulnerabilities. Leandro Barragan and Maximiliano Vidal, researchers at network security firm Core Security, have found a number of possible exploits in the Web Management Console for Kaspersky's Anti-virus for Linux File Servers.

These vulnerabilities would enable hackers to carry out potentially devastating attacks on enterprises that use the program, such as enabling a remote attack to gain root access to the system. The vector for doing so is Cross-Site Request Forgery as Core Security claims the program has no Anti-CSRF of any form in the interface. This would allow attackers to gain low-level privileges, which can then be elevated to root access.

Other vulnerabilities also found were reflected cross-site scripting and a path traversal.

Barragan and Vidal found these exploits back in April and promptly contacted Kaspersky Lab. The company has since confirmed all the vulnerabilities reported and has been working in conjunction with Core Security to fix the issues. Patch 13738 which includes the fix was pushed out earlier this month on June 14 and can also be grabbed from Kaspersky's website.

Source: Core Security

Report a problem with article
Next Article

Ultimate Summer Game Sale returning June 30th on Xbox One and Windows 10

Previous Article

Discuss: Does Nintendo's Super NES Classic Edition solve enough of the NES Classic's issues? [Update]

Join the conversation!

Login or Sign Up to read and post a comment.

3 Comments - Add comment