Many major vulnerabilities found in Kaspersky Antivirus for Linux servers, download the patch here
People expect anti-virus software to protect themselves and data from malware, hackers, but sometimes, even these products exist their own vulnerabilities. Leandro Barragan and Maximiliano Vidal, two researchers from network security company Core Security, have found a number of vulnerabilities that can be exploited in the Web Management Console of Kaspersky Anti-Virus for Linux servers.
- After WannaCry, Petya's "blackmail" malicious code is raging, this is a way to overcome and prevent it
These vulnerabilities will allow hackers to attack the server using methods such as remote attack to root and access the system. Hackers can use Cross-Site Request Forgery technique (CSRF - a type of phishing attack on its own subject, based on unauthorized borrowing and hackers can perform operations requiring authentication) to exploit the vulnerabilities found in Kaspersky Anti-Virus for Linux servers.
Core Security said that this antivirus program does not have anti-CSRF features in any way. This will allow an attacker to achieve low-level privileges, which can then be upgraded to root privileges.
Share more: For Linux and other UNIX operating systems, the root user is equivalent to Administrator user on Windows. Root user has access to the entire file system in the operating system and does whatever it wants.
Other vulnerabilities are also found: cross-site scripting (this is a vulnerability that appears primarily on web apps, allowing hackers to insert malicious code into the app that is dangerous to users) and path traversal ( HTTP vulnerabilities allow hackers to access restricted indexes, execute commands outside the root index of the web server.)
Barragan and Vidal found these flaws in April and quickly contacted Kaspersky Lab. The company has since confirmed all reported vulnerabilities and is working in conjunction with Core Security to fix issues. Patch Patch 13738 includes a fix that was released on June 29 and can also be obtained from the Kaspersky website.
Download patch 13738 at: http://support.kaspersky.com/13738
You should read it
- Kaspersky launched Internet Security and Antivirus 2010 versions
- Top 10 best Antivirus software in early 2018 for Windows 10
- How to use Kaspersky Free antivirus software
- Instructions for cleaning and optimizing the system with Kaspersky Cleaner
- Kaspersky gave the antivirus software source code to a third party for review
- Former NSA hacker turned Kaspersky antivirus software into a spy tool
- The best antivirus programs for Windows 7
- Kaspersky launches antivirus version for Mac
May be interested
- Kaspersky gave the antivirus software source code to a third party for reviewthe russian antivirus company offers a 'comprehensive transparency initiative', allowing independent third parties to evaluate their source code and internal processes to win users' trust.
- Please download Kaspersky Cloud Free 2020 - free anti-virus and PC protection softwarekaspersky cloud free 2020 is kaspersky's free antivirus software.
- How to transfer Kaspersky Free Antivirus to English interfacein the previous article, we showed you how to install as well as free kaspersky anti-virus software. however, since this version is only released in russia and ukraine, the language used will also be russian, which makes it difficult to use.
- How to block Specter Variant 2 Patch on Windows 10microsoft has released a windows 10 kb4078130 update to disable patches for two meltdown and specter vulnerabilities that caused a reboot problem on some devices. however, if you do not want to waste storage space, users can adjust themselves without having to download additional kb4078130.
- 7 best antivirus programs for Ubuntuviruses can still be spread, especially if you have a samba server (to share windows files on linux) or external devices often interact with both linux and windows.
- Top 10 best Antivirus software in early 2018 for Windows 10accordingly, the antivirus software from kaspersky, mcafee and vipre security all received 6 points in the security, performance and usability categories. with a maximum score of 18/18, all three anti-virus software ranked first in the rankings.
- Steps to remove temporary files stored on Kasperskylike other programs and antivirus applications, in the process of using kaspersky internet security software, kaspersky will store temporary files in a folder hidden deep in the system drive.
- Update the AVP Tool Kaspersky Virus Removal Tool database manuallyone of kaspersky's free and effective antivirus tools is kaspersky virus removal tool, also known as avptool. avptool can scan malware in system memory, services, hidden programs on startup, disk boot sectors, email and hard drives.
- Microsoft releases performance patch to prepare for major Windows 10 updatebefore releasing a major update for windows 10, microsoft usually rolls out a small patch to tweak users' computers.
- Samba vulnerabilities allow hackers to invade thousands of remote Linux computersa 7-year-old vulnerability was found on samba software, allowing an attacker to hack and control linux and unix computers remotely.