PT-2005-3472 · Kaspersky · Kaspersky Anti-Virus For Linux File Server

Dr. Peter Bieringer

Published

2005-08-16

Updated

2016-10-18

CVE-2005-2582

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Kaspersky Anti-Virus for Unix/Linux File Servers version 5.0-5

Description The issue concerns world-writable permissions for the log and license directory. This allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys, which can prevent keepup2date from executing properly.

Recommendations For version 5.0-5, consider changing the permissions of the log and license directories to prevent world-writable access, and restrict access to these directories to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2582

Affected Products

Kaspersky Anti-Virus For Linux File Server

PT-2005-3472 · Kaspersky · Kaspersky Anti-Virus For Linux File Server

CVE-2005-2582

Related Identifiers

Affected Products

References · 3