22 matches found
EUVD-2017-18728
Malware in sbrugna...
EUVD-2017-18725
Malware in sbrugna...
The vulnerability of the reportId parameter in the getReportStatus method of the Kaspersky Anti-Virus for Linux File Server antivirus protection tool allows a hacker to access and read arbitrary files.
The vulnerability of the reportId parameter in the getReportStatus method of the Kaspersky Anti-Virus for Linux File Server antivirus tool is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to read arbitrary files wit...
The vulnerability in the web interface of the Kaspersky Anti-Virus for Linux File Server allows a malicious actor to send authenticated requests.
The vulnerability of the Kaspersky Anti-Virus for Linux File Server web interface is related to the absence of Anti-CSRF tokens in all forms of the interface. Exploiting this vulnerability allows a malicious actor to send authenticated requests during the time when the authenticated user is viewi...
The vulnerability of the scriptName parameter in the licenseKeyInfo method of the Kaspersky Anti-Virus for Linux File Server security tool allows a hacker to obtain files from the attacked system.
The vulnerability of the scriptName parameter in the licenseKeyInfo method of the Kaspersky Anti-Virus for Linux File Server security tool exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability can allow a malicious actor, operating remotely, to...
CVE-2017-9813
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312, the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS)...
Cross-site request forgery (CSRF)
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
Code injection
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9810
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
CVE-2017-9813
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312, the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS)...
CVE-2017-9810
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9810
CVE-2017-9810 affects the Kaspersky Anti-Virus for Linux File Server Web Management Console (Kaspersky, 8.0.x). The root cause is the absence of Anti-CSRF tokens in forms, which enables CSRF: authenticated requests can be submitted when a user browses attacker-controlled domains. CORE-2017-0003 describes associated i...
Kaspersky Anti-Virus for Linux File Server Path Traversal Vulnerability
Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A path traversal vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows an attacker to read arbitrary files with...
Kaspersky Anti-Virus for Linux File Server Cross-Site Request Forgery Vulnerability
Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A cross-site request forgery vulnerability exists in Kaspersky Anti-Virus for Linux File Server. This allows an attacker to submit authenticated reques...