CVE-2005-2582

Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing.

Published: Aug 16, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2582
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:N/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
kaspersky_lab / kaspersky_anti-virus	5.0.5	5.0.5.x

ftp://ftp.aerasec.de/pub/advisories/kav4unix/kav4unix-local-root-exploit.txt
http://marc.info/?l=bugtraq&m=112387573811339&w=2

Vulnerability Database

289,697

CVE-2005-2582