Many major vulnerabilities found in Kaspersky Antivirus for Linux servers; download the patch here
People expect anti-virus software to protect them and their data from malware and hackers, but sometimes even these products have vulnerabilities of their own. Leandro Barragan and Maximiliano Vidal, two researchers from network security company Core Security, have found a number of exploitable vulnerabilities in the Web Management Console of Kaspersky Anti-Virus for Linux servers.
These vulnerabilities allow hackers to attack the server remotely, gain root privileges and access the system. Hackers can use the Cross-Site Request Forgery technique (CSRF, a type of attack that impersonates the victim by borrowing their authority without permission, letting hackers perform operations that require authentication) to exploit the vulnerabilities found in Kaspersky Anti-Virus for Linux servers.
Core Security said that this antivirus program has no anti-CSRF protection of any kind. This allows an attacker to obtain low-level privileges, which can then be escalated to root privileges.
Additional note: on Linux and other UNIX operating systems, the root user is equivalent to the Administrator user on Windows. The root user has access to the entire file system of the operating system and can do whatever it wants.
Other vulnerabilities were also found: cross-site scripting (a vulnerability that appears primarily in web apps, allowing hackers to insert malicious code into the app that is dangerous to users) and path traversal (an HTTP vulnerability that allows hackers to access restricted directories and execute commands outside the root directory of the web server).
Barragan and Vidal found these flaws in April and quickly contacted Kaspersky Lab. The company has since confirmed all reported vulnerabilities and is working with Core Security to fix the issues. Patch 13738, which includes a fix, was released on June 29 and can also be obtained from the Kaspersky website.
Download patch 13738 at: http://support.kaspersky.com/13738