Kaspersky Anti-Virus for Linux File Server Has Serious Vulnerabilities

[rakhirhif8963]

IncreaseKaspersky Lab recommends its customers to update their antivirus for Linux File Server 8.0.3.297 to the new version CF4
Kaspersky Lab recommends its customers to update their antivirus for Linux File Server 8.0.3.297 to the new version CF4
CoreLabs, a division of Core Security, has discovered a number of vulnerabilities in Kaspersky Lab's antivirus for Linux File Server 8.0.3.297, ZDNet reports. This product is designed to protect workstations and file servers in heterogeneous networks, supports current versions of FreeBSD, and is VMware Ready certified. In total, CoreLabs experts counted four security issues in the antivirus for Linux File Server 8.0.3.297.

The first of them (CVE-2017-9813) can be used namibia mobile database cross-site scripting (XSS), that is, it allows attackers to inject malicious code into a page issued by a web system, which is usually executed on the client side (in the user's browser), and not on the server. The essence of XSS is as follows: an attacker affects the scripts of a web application, changing their execution. As a result, a script is embedded in the page, which will be executed every time the page is loaded or when a certain event occurs. The vulnerability can also lead to the loss of information stored in cookies.

CVE-2017-9810 is the second vulnerability in Linux File Server 8.0.3.297 that can cause cross-site request forgery attacks. The attack is carried out by placing a link or script on a web page that attempts to access a site on which the attacked user is already (or is believed to be) authenticated. One of the uses of this vulnerability is to exploit passive XSS found on another server. It is also possible to send spam on behalf of the victim and change some account settings on other sites (for example, a secret question for password recovery).