UnRAR Vulnerability Lets Attackers Hack Zimbra Webmail Servers

A new security vulnerability has been disclosed in RARLAB's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, tracked as CVE-2022-30333, is a path traversal vulnerability in the Unix versions of UnRAR that can be triggered by extracting a maliciously crafted RAR archive. Following responsible disclosure on May 4, 2022, RARLAB addressed the shortcoming in version 6.12, released on May 6.

Satya Gupta, CTO
InfoSec Expert
July 1, 2022 2:18 pm

“Another day, another remote code execution vulnerability. It has been said before; the world runs on software. And while vulnerabilities persist within software, cybersecurity defenders will be one step behind attackers. The only way to eradicate gaps within security is to move toward a proactive stance, in which vulnerabilities are blocked before they can be exploited. With deterministic protection, patching can be done on a reasonable schedule instead of being done on an emergency basis that not only taxes the enterprise’s IT resources no end but also exposes the enterprise to serious risk.”
