CVE-2017-9811

Name of the Vulnerable Software and Affected Versions Kaspersky Anti-Virus for Linux File Server versions prior to 8.0.4.312

Description The issue exists due to insufficient input validation during quarantine read and write operations in the kav4fs-control service. This can be exploited by a remote attacker with kluser privileges to elevate their privileges to root.

Recommendations For versions prior to 8.0.4.312, update to version 8.0.4.312 or later to resolve the issue. As a temporary workaround, consider restricting access to the kav4fs-control binary to minimize the risk of exploitation.