exploitDog

CVE-2005-2582

Опубликовано: 16 авг. 2005

Источник: nvd

CVSS2: 3.6

EPSS Низкий

Описание

Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing.

Ссылки

ftp://ftp.aerasec.de/pub/advisories/kav4unix/kav4unix-local-root-exploit.txt
Exploit
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=112387573811339&w=2
ftp://ftp.aerasec.de/pub/advisories/kav4unix/kav4unix-local-root-exploit.txt
Exploit
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=112387573811339&w=2

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:5.0.5:*:linux_servers:*:*:*:*:*

EPSS

Процентиль: 13%

0.00043

Низкий

3.6 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-xf39-wv64-h44p

github

почти 4 года назад

Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing.

EPSS

Процентиль: 13%

0.00043

Низкий

3.6 Low

CVSS2

Дефекты

NVD-CWE-Other