• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Kaspersky Anti-Virus For Unix Local Insecure Default Permission Vulnerabilities

Kaspersky Anti-Virus for Unix File Servers is susceptible to two local insecure default permission vulnerabilities. These issues are due to the application failing to secure newly created directories upon installation.

The first insecure directory is used by the 'kavmonitor' binary to log actions of the anti-virus scanner. Attackers may exploit this vulnerability to delete or alter log files to obscure attack traces, or use symbolic links to cause the affected utility to overwrite arbitrary files with superuser privileges.

The second insecure directory is used to hold licensing data for the product. Attackers may delete or alter the license key files, causing the 'keepup2date' utility to fail. This utility is used by the application to keep the anti-virus signatures updated.

These vulnerabilities are reported in version 5.5-2 of Kaspersky Anti-Virus for Unix. Other versions may also be affected.