Many major vulnerabilities found in Kaspersky Antivirus for Linux servers, download the patch here
Leandro Barragan and Maximiliano Vidal, two researchers from network security company Core Security, have found a number of vulnerabilities that can be exploited in the Web Management Console of Kaspersky Anti-Virus for Linux servers.
People expect anti-virus software to protect themselves and data from malware, hackers, but sometimes, even these products exist their own vulnerabilities. Leandro Barragan and Maximiliano Vidal, two researchers from network security company Core Security, have found a number of vulnerabilities that can be exploited in the Web Management Console of Kaspersky Anti-Virus for Linux servers.
- After WannaCry, Petya's "blackmail" malicious code is raging, this is a way to overcome and prevent it
These vulnerabilities will allow hackers to attack the server using methods such as remote attack to root and access the system. Hackers can use Cross-Site Request Forgery technique (CSRF - a type of phishing attack on its own subject, based on unauthorized borrowing and hackers can perform operations requiring authentication) to exploit the vulnerabilities found in Kaspersky Anti-Virus for Linux servers.
Core Security said that this antivirus program does not have anti-CSRF features in any way. This will allow an attacker to achieve low-level privileges, which can then be upgraded to root privileges.
Share more: For Linux and other UNIX operating systems, the root user is equivalent to Administrator user on Windows. Root user has access to the entire file system in the operating system and does whatever it wants.
Other vulnerabilities are also found: cross-site scripting (this is a vulnerability that appears primarily on web apps, allowing hackers to insert malicious code into the app that is dangerous to users) and path traversal ( HTTP vulnerabilities allow hackers to access restricted indexes, execute commands outside the root index of the web server.)
Barragan and Vidal found these flaws in April and quickly contacted Kaspersky Lab. The company has since confirmed all reported vulnerabilities and is working in conjunction with Core Security to fix issues. Patch Patch 13738 includes a fix that was released on June 29 and can also be obtained from the Kaspersky website.
Download patch 13738 at: http://support.kaspersky.com/13738
You should read it
- Do you want to use Kaspersky Antivirus 2016 for free, please read the following article
- 9 best antivirus software for Mac
- Kaspersky launched Internet Security and Antivirus 2010 versions
- Top 10 best Antivirus software in early 2018 for Windows 10
- How to use Kaspersky Free antivirus software
- Instructions for cleaning and optimizing the system with Kaspersky Cleaner
- Kaspersky gave the antivirus software source code to a third party for review
- Former NSA hacker turned Kaspersky antivirus software into a spy tool
- The best antivirus programs for Windows 7
- Kaspersky launches antivirus version for Mac
- How to transfer Kaspersky Free Antivirus to English interface
- 2.5 million Vietnamese bought Kaspersky software
Maybe you are interested
How to use underline styles in Excel This is only 8 hotels with the world's most impressive on-site ice rink Amazing engine in the world, 9 times stronger than the Titanic engine Water can 'cut sweet' concrete and steel. Do you believe that? Learn about how to build houses in a few dozen hours, life expectancy of several decades Inventions that help people have the power of superheroes