SB2017062904 - Multiple vulnerabilities in Kaspersky Anti-Virus for Linux File Server

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017062904

SB2017062904 - Multiple vulnerabilities in Kaspersky Anti-Virus for Linux File Server

Published: June 29, 2017

Security Bulletin ID SB2017062904
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Cross-site scripting (CVE-ID: CVE-2017-9810)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Clear


The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability is caused by incorrect filtration of input data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim’s browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


2) Cross-site request forgery (CVE-ID: CVE-2017-9813)

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a remote attacker to perform CSRF attacks.

The vulnerability exists due to improper validation of HTML code from user-supplied input by the Web Management Console. A remote attacker can execute arbitrary scripting code that originate from the site running the Kaspersky Anti-Virus software and will run in the security context of that site and access the target user's cookies (including authentication cookies)

Successful exploitation of the vulnerability may result in cross-site request forgery conducting.

3) Privilege escalation (CVE-ID: CVE-2017-9811)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear


The disclosed vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the quarantine read and write operations. A local attacker with 'kluser' privileges can send a specially crafted input to execute arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Path traversal (CVE-ID: CVE-2017-9812)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a path traversal flaw in the Web Management Console. A remote attacker can send a specially crafted input and view files on the target system with the 'kluser' privileges.

Successful exploitation of the vulnerability may result in information disclosure.

Remediation

Install update from vendor's website.

References