Many major vulnerabilities found in Kaspersky Antivirus for Linux servers, download the patch here

Leandro Barragan and Maximiliano Vidal, two researchers from network security company Core Security, have found a number of vulnerabilities that can be exploited in the Web Management Console of Kaspersky Anti-Virus for Linux servers.

People expect anti-virus software to protect themselves and data from malware, hackers, but sometimes, even these products exist their own vulnerabilities. Leandro Barragan and Maximiliano Vidal, two researchers from network security company Core Security, have found a number of vulnerabilities that can be exploited in the Web Management Console of Kaspersky Anti-Virus for Linux servers.

  1. After WannaCry, Petya's "blackmail" malicious code is raging, this is a way to overcome and prevent it

These vulnerabilities will allow hackers to attack the server using methods such as remote attack to root and access the system. Hackers can use Cross-Site Request Forgery technique (CSRF - a type of phishing attack on its own subject, based on unauthorized borrowing and hackers can perform operations requiring authentication) to exploit the vulnerabilities found in Kaspersky Anti-Virus for Linux servers.

Core Security said that this antivirus program does not have anti-CSRF features in any way. This will allow an attacker to achieve low-level privileges, which can then be upgraded to root privileges.

Share more: For Linux and other UNIX operating systems, the root user is equivalent to Administrator user on Windows. Root user has access to the entire file system in the operating system and does whatever it wants.

Other vulnerabilities are also found: cross-site scripting (this is a vulnerability that appears primarily on web apps, allowing hackers to insert malicious code into the app that is dangerous to users) and path traversal ( HTTP vulnerabilities allow hackers to access restricted indexes, execute commands outside the root index of the web server.)

Barragan and Vidal found these flaws in April and quickly contacted Kaspersky Lab. The company has since confirmed all reported vulnerabilities and is working in conjunction with Core Security to fix issues. Patch Patch 13738 includes a fix that was released on June 29 and can also be obtained from the Kaspersky website.

Picture 1 of Many major vulnerabilities found in Kaspersky Antivirus for Linux servers, download the patch here

Download patch 13738 at: http://support.kaspersky.com/13738

Update 23 May 2019
Category

System

Mac OS X

Hardware

Game

Tech info

Technology

Science

Life

Application

Electric

Program

Mobile