New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers

by admin 0 Comments

Cyber Security

Products You May Like

Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

A new security vulnerability has been disclosed in RARlab’s UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary.

The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.

Following responsible disclosure on May 4, 2022, the shortcoming was addressed by RarLab as part of version 6.12 released on May 6. Other versions of the software, including those for Windows and Android operating systems, are not impacted.

“An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive,” SonarSource researcher Simon Scannell said in a Tuesday report. “If they can write to a known location, they are likely to be able to leverage it in a way leading to the execution of arbitrary commands on the system.”

It’s worth pointing out that any software that utilizes an unpatched version of UnRAR to extract untrusted archives is affected by the flaw.

This also includes Zimbra collaboration suite, wherein the vulnerability could lead to pre-authenticated remote code execution on a vulnerable instance, giving the attacker complete access to an email server and even abuse it to access or overwrite other internal resources within the organization’s network.

The vulnerability, at its heart, relates to a symbolic link attack in which a RAR archive is crafted such that it contains a symlink that’s a mix of both forward slashes and backslashes (e.g., “……tmp/shell”) so as to bypass current checks and extract it outside of the expected directory.

CyberSecurity

More specifically, the weakness has to do with a function that’s designed to convert backslashes (”) to forward slashes (‘/’) so that a RAR archive created on Windows can be extracted on a Unix system, effectively altering the aforementioned symlink to “../../../tmp/shell.”

By taking advantage of this behavior, an attacker can write arbitrary files anywhere on the target filesystem, including creating a JSP shell in Zimbra’s web directory and execute malicious commands.

“The only requirement for this attack is that UnRAR is installed on the server, which is expected as it is required for RAR archive virus-scanning and spam-checking,” Scannell noted.

This article was originally published by Thehackernews.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Crypto company Consensys sued by SEC as regulator continues industrywide crackdown
CMF Phone 1 Specifications Revealed Ahead of Launch on July 8; to Feature MediaTek Dimensity 7300 Chipset
New Attack Technique Exploits Microsoft Management Console Files
Best Tech Deals of the Week: iPhone 14 Plus, Motorola Edge 50 Pro and More
iOS 18, iPadOS 18 Developer Beta Users Can Now Format External Drives Via Files App

Leave a Reply

Your email address will not be published. Required fields are marked *