CVE-2017-9811

CRITICAL

Kaspersky Anti-Virus for Linux File Server < 8.0.3.297 - Privilege Escalation via Quarantine Operations

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9811. PoCs published by Core Security.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Kaspersky Anti-Virus for Linux File Server's Web Management Console, allowing remote command execution as the 'kluser' account. It also describes a privilege escalation to root via the quarantine functionality.

Description

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappslinux

https://www.exploit-db.com/exploits/42269

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Kaspersky Anti-Virus for Linux File Server's Web Management Console, allowing remote command execution as the 'kluser' account. It also describes a privilege escalation to root via the quarantine functionality.

Classification

Working Poc 95%

Attack Type

Rce | Lpe

Complexity

Moderate

Reliability

Reliable

Target: Kaspersky Anti-Virus for Linux File Server 8.0.3.297

Auth required

Prerequisites: Authenticated session to the Web Management Console · Network access to the target server

MITRE ATT&CK