Kaspersky Antivirus Client MIME-encoded Scan Bypass

medium Nessus Network Monitor Plugin ID 3841

Synopsis

The antivirus product can be tricked into not scanning potentially malicious files.

Description

The remote host is running the Kaspersky antivirus client.
This version of Kaspersky is vulnerable to a flaw where file scanning can be bypassed by passing malformed MIME-encoded requests. An attacker exploiting this flaw would be able to send malicious files through the antivirus product without being detected.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.quantenblog.net/security/virus-scanner-bypass

Plugin Details

Severity: Medium

ID: 3841

Family: FTP Clients

Published: 12/6/2006

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 3.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:kaspersky_lab:kaspersky_anti-virus

Reference Information

CVE: CVE-2006-6405, CVE-2006-6406, CVE-2006-6407, CVE-2006-6408, CVE-2006-6409

BID: 21461