Vulnerability Details CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.247
EPSS Ranking 95.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html
- http://seclists.org/fulldisclosure/2017/Jun/33
- http://www.securityfocus.com/bid/99330
- http://www.securitytracker.com/id/1038798
- https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/42269/
- http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html
- http://seclists.org/fulldisclosure/2017/Jun/33
- http://www.securityfocus.com/bid/99330
- http://www.securitytracker.com/id/1038798
- https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/42269/
Products affected by CVE-2017-9811
-
cpe:2.3:a:kaspersky:anti-virus_for_linux_server:8.0.3.297