Title: kaspersky_av: Don't run kav4fs-control or kesl-control if they aren't owned
by root
Class: security
Compatible: compat
Component: checks
Date: 1709025290
Edition: cre
Level: 1
Version: 2.2.0p24
Kaspersky Anti-Virus plugin uses /opt/kaspersky/kav4fs/bin/kav4fs-control and
/opt/kaspersky/kesl/bin/kesl-control commands to monitor a Kaspersky Anti-Virus
installation.
To prevent privilege escalation, the plugin (which is run by root user) must
not run executables which can be changed by less privileged users.
In the default installation, kav4fs-control and kesl-control commands are owned
by root and root is the only user with write permissions, which prevents privilege
escalation attacks.
With this Werk, the plugin checks if control commands are owned by root and root
is the only user with write permissions before running the command. If that's not
the case the commands won't be run. This prevents privilege escalation attacks if
the permissions of the control commands have been changed.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
This CVSS is primarily meant to please automatic scanners.
Show replies by date