CVE-2005-2582 — LAB Kaspersky Anti-virus vulnerability

3 documents3 sources

Severity

3.6LOWNVD

EPSS

0.0%

top 87.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kaspersky LAB Kaspersky Anti-virus

Timeline

PublishedAug 16

Latest updateMay 3

Description

Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

▶NVDkaspersky_lab/kaspersky_anti-virus5.0.5

Patches

Patch: ftp.aerasec.de ↗Patch: ftp.aerasec.de ↗

🔴Vulnerability Details

GHSA

GHSA-xf39-wv64-h44p: Kaspersky Anti-Virus for Unix/Linux File Servers 5↗2022-05-03

▶

CVEList

CVE-2005-2582: Kaspersky Anti-Virus for Unix/Linux File Servers 5↗2005-08-16

▶