CISA warns of UnRAR security flaw affecting Linux systems
The US Cybersecurity and Infrastructure Security Agency has issued a warning about a security issue with the UnRAR tool for Linux-based systems.
The vulnerability is being tracked as CVE-2022-30333. If successfully exploited, the flaw could allow an attacker to use the process of unpacking an archive to write data to an area of storage.
In its known exploited vulnerabilities catalog, CISA says of the security issue: "RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation".
The vulnerability was revealed several weeks ago by SonarSource, with the company warning that "Unrar Path Traversal Vulnerability affects Zimbra Mail".
Over on the National Vulnerability Database, it is noted that the vulnerability is currently being analyzed. The entry for the issue reads:
"RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file."
There is also the note that "WinRAR and Android RAR are unaffected".
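For administrators who want to check hosts against the "before 6.12" boundary in the NVD entry, the following added example (not code from CISA, RARLAB or SonarSource) classifies UnRAR banner lines. The banner format, the hostnames and the helper names are assumptions made for illustration.

```python
import re
import shutil
import subprocess

FIXED = (6, 12)  # from the NVD entry quoted above: "RARLAB UnRAR before 6.12"

# Assumption: the banner looks like "UNRAR 6.11 freeware  Copyright (c) ...",
# with an optional "beta N" marker after the version number.
BANNER_RE = re.compile(r"\bUNRAR\s+(\d+)\.(\d+)(\s+beta\s+\d+)?", re.IGNORECASE)


def classify(banner):
    """Return 'vulnerable', 'patched' or 'unknown' for one banner string."""
    m = BANNER_RE.search(banner or "")
    if not m:
        return "unknown"  # not an UnRAR banner, or a format this regex misses
    version = (int(m.group(1)), int(m.group(2)))  # 6.02 -> (6, 2), 6.20 -> (6, 20)
    if version < FIXED:
        return "vulnerable"
    if version == FIXED and m.group(3):
        return "unknown"  # pre-release of 6.12: the page does not say if it is fixed
    return "patched"


def needs_attention(inventory):
    """Map {host: banner} to a sorted list of (host, status) that is not 'patched'."""
    flagged = ((host, classify(banner)) for host, banner in inventory.items())
    return sorted(item for item in flagged if item[1] != "patched")


def local_banner():
    """Banner of the unrar on PATH, or '' if absent (assumes bare `unrar` prints it)."""
    path = shutil.which("unrar")
    if not path:
        return ""
    result = subprocess.run([path], capture_output=True, text=True, timeout=10)
    return result.stdout


# Constructed sample inventory; hostnames and banners are made up for illustration.
SAMPLE = {
    "mail-01": "UNRAR 6.11 freeware      Copyright (c) 1993-2022 Alexander Roshal",
    "mail-02": "UNRAR 6.12 freeware      Copyright (c) 1993-2022 Alexander Roshal",
    "build-07": "UNRAR 5.91 freeware      Copyright (c) 1993-2020 Alexander Roshal",
    "lab-03": "UNRAR 6.12 beta 1 freeware      Copyright (c) 1993-2022 Alexander Roshal",
    "web-02": "bash: unrar: command not found",
}

if __name__ == "__main__":
    for host, status in needs_attention(SAMPLE):
        print(f"{host}: {status}")
```

A distribution package may carry a backported fix under an older version number, so a "vulnerable" result is a prompt to check the package changelog as well as the version.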