BID:25189

Kaspersky Anti-Spam Insecure File Permissions Vulnerability

Info

Kaspersky Anti-Spam Insecure File Permissions Vulnerability

Bugtraq ID:	25189
Class:	Design Error
CVE:	CVE-2007-4206
Remote:	No
Local:	Yes
Published:	Aug 01 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	The vendor reported this issue.
Vulnerable:	Kaspersky Anti-Spam 3.0.MP1 CF1 (3.0.274

Not Vulnerable:	Kaspersky Anti-Spam 3.0.MP1 CF2 (3.0.278

Discussion

Kaspersky Anti-Spam Insecure File Permissions Vulnerability

Kaspersky Anti-Spam is prone to an insecure-file-permissions vulnerability.

A local attacker can exploit this issue to gain unauthorized access to certain files of application components. This may lead to other attacks.

Exploit / POC

Kaspersky Anti-Spam Insecure File Permissions Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Kaspersky Anti-Spam Insecure File Permissions Vulnerability

Solution:
The vendor released an update to address this issue. Please see the vendor references for more information.

Kaspersky Anti-Spam 3.0.MP1 CF1 (3.0.274

Kaspersky Version 3.0.278 for FreeBSD 5.x
ftp://dnl-us4.kaspersky-labs.com/products/release/english/antispam/fre ebsd5/kas-3-3.0.278.tbz

Kaspersky Version 3.0.278 for FreeBSD 6.x
ftp://dnl-us4.kaspersky-labs.com/products/release/english/antispam/fre ebsd6/kas-3-3.0.278.tbz

Kaspersky Version 3.0.278.4 for Linux, Debian format
ftp://dnl-us4.kaspersky-labs.com/products/release/english/antispam/deb /kas-3-3.0.278-4.i386.deb

Kaspersky Version 3.0.278.4 for Linux, RPM format (RedHat, SuSE)
ftp://dnl-us4.kaspersky-labs.com/products/release/english/antispam/rpm /kas-3-3.0.278-4.i386.rpm

References

Kaspersky Anti-Spam Insecure File Permissions Vulnerability

References:

Kaspersky Anti-Spam 3.0 MP1 Critical Fix 2 (3.0.278.4) (Kaspersky Lab)
Kaspersky Home Page (Kasperksy)