The US Cybersecurity and Infrastructure Security Agency has issued a warning about a security issue with the UnRAR tool for Linux-based systems.
The vulnerability is being tracked as CVE-2022-30333. If successfully exploited, the flaw could allow an attacker to use the process of unpacking an archive to write files to locations on the system outside the directory the archive is being extracted to.
In its known exploited vulnerabilities catalog, CISA says of the security issue: “RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation”.
The vulnerability was revealed several weeks ago by SonarSource, with the company warning that “Unrar Path Traversal Vulnerability affects Zimbra Mail”.
Over on the National Vulnerability Database, it is noted that the vulnerability is currently being analyzed. The entry for the issue reads:
“RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.”
There is also the note that “WinRAR and Android RAR are unaffected”.
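For administrators who want to compare an installed UnRAR against the 6.12 boundary given in the NVD entry, the following is an added example, not code from CISA, RARLAB or SonarSource. It assumes the binary prints a banner line of the form `UNRAR 6.11 freeware ...` when run without arguments; the function names and the sample banner are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag RARLAB UnRAR builds older than 6.12 (CVE-2022-30333).
# Assumption: the banner contains a line such as
#   "UNRAR 6.11 freeware      Copyright (c) 1993-2022 Alexander Roshal"
FIXED_MAJOR=6
FIXED_MINOR=12

# Constructed sample banner, for trying the parser without unrar installed.
SAMPLE_BANNER='
UNRAR 6.11 beta 1 freeware      Copyright (c) 1993-2022 Alexander Roshal
'

# Read banner text on stdin; print "MAJOR.MINOR", or nothing if no banner line.
unrar_banner_version() {
    awk '$1 == "UNRAR" && $2 ~ /^[0-9]+\.[0-9]+$/ { print $2; exit }'
}

# Print "vulnerable", "fixed" or "unknown" for a MAJOR.MINOR version string.
classify_unrar_version() {
    case "$1" in
        ''|*[!0-9.]*|*.*.*|.*|*.) echo unknown; return ;;  # empty or malformed
    esac
    case "$1" in
        *.*) ;;
        *) echo unknown; return ;;                         # no minor component
    esac
    # awk compares numerically, so a minor of "02" is treated as 2.
    awk -v maj="${1%%.*}" -v min="${1#*.}" \
        -v fmaj="$FIXED_MAJOR" -v fmin="$FIXED_MINOR" 'BEGIN {
        if (maj + 0 < fmaj + 0 || (maj + 0 == fmaj + 0 && min + 0 < fmin + 0))
            print "vulnerable"
        else
            print "fixed"
    }'
}

# Check a binary (default: unrar found on PATH) and print its classification.
check_unrar() {
    bin=${1:-unrar}
    command -v "$bin" >/dev/null 2>&1 || { echo "not-installed"; return; }
    classify_unrar_version "$("$bin" 2>/dev/null | unrar_banner_version)"
}

# Run as "sh script.sh --check [path-to-unrar]" to test the local install.
if [ "${1:-}" = "--check" ]; then check_unrar "${2:-unrar}"; fi
```

A distribution package may carry a backported fix while still reporting an older banner version, so a "vulnerable" result is a prompt to check the package changelog rather than a final verdict.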
Image credit: jivacore / Shutterstock