A new flaw has been found in RARlab's UnRAR utility that could be exploited to steal emails from Zimbra mail user accounts.
The path traversal vulnerability, discovered in the Unix versions of UnRAR, has been assigned CVE-2022-30333 and a base score of 7.5 in the Common Vulnerability Scoring System (CVSS).
For context, Zimbra is an enterprise email solution used by over 200,000 businesses, government bodies and financial institutions.
Security researchers from Sonar were reportedly the first to uncover the UnRAR bug and published an advisory about it on Tuesday.
“We discovered a 0-day vulnerability in the UnRAR utility, a third party tool used in Zimbra,” reads the document.
The flaw would allow an attacker to create files outside the target extraction directory when an application or a victim user extracts an untrusted archive.
“If they can write to a known location, they are likely to be able to leverage it in a way leading to the execution of arbitrary commands on the system,” wrote Sonar.
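The class of bug described above is extraction writing outside the intended directory. The following is an added example, not code from Sonar, RARlab or Zimbra, and it does not reproduce the specific UnRAR defect; it shows the generic containment check an extractor on Unix should apply to every archive member before writing: treat backslashes as separators too, reject absolute names, resolve any symlink already present in the destination before deciding whether a path is inside it, and apply the same rule to the targets of symlink members. The archive entries are constructed inline for the demonstration; the helper names are my own.

```python
"""Containment checks for archive extraction (added example, not UnRAR or Zimbra code)."""
import os
import tempfile


def _is_within(base: str, path: str) -> bool:
    """True if `path` resolves (symlinks followed) to `base` or somewhere beneath it."""
    base = os.path.realpath(base)
    path = os.path.realpath(path)
    return path == base or path.startswith(base + os.sep)


def checked_path(dest_dir: str, member_name: str) -> str:
    """Destination for an archive member, or ValueError if it would land outside dest_dir."""
    # Normalise backslashes so a Windows-style name cannot dodge the check on Unix.
    name = member_name.replace("\\", "/")
    if os.path.isabs(name):
        raise ValueError(f"absolute path in archive: {member_name!r}")
    candidate = os.path.join(dest_dir, name)
    # realpath follows symlinks already extracted into dest_dir, so a member written
    # "through" an earlier symlink is judged by where it would really end up.
    if os.path.realpath(candidate) == os.path.realpath(dest_dir):
        raise ValueError(f"member resolves to the extraction directory itself: {member_name!r}")
    if not _is_within(dest_dir, candidate):
        raise ValueError(f"path traversal outside extraction directory: {member_name!r}")
    return candidate


def checked_symlink(dest_dir: str, link_name: str, target: str) -> tuple:
    """Validate a symlink member: both the link and what it points at must stay inside dest_dir."""
    link_path = checked_path(dest_dir, link_name)
    norm_target = target.replace("\\", "/")
    if os.path.isabs(norm_target):
        raise ValueError(f"absolute symlink target: {target!r}")
    resolved = os.path.join(os.path.dirname(link_path), norm_target)
    if not _is_within(dest_dir, resolved):
        raise ValueError(f"symlink target escapes extraction directory: {target!r}")
    return link_path, norm_target


def extract(dest_dir: str, entries) -> tuple:
    """Extract ("file", name, bytes) / ("symlink", name, target) entries; return (written, rejected)."""
    written, rejected = [], []
    for kind, name, payload in entries:
        try:
            if kind == "symlink":
                link_path, target = checked_symlink(dest_dir, name, payload)
                os.makedirs(os.path.dirname(link_path), exist_ok=True)
                os.symlink(target, link_path)
            else:
                path = checked_path(dest_dir, name)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(payload)
            written.append(name)
        except ValueError as exc:
            rejected.append((name, str(exc)))
    return written, rejected


# Constructed sample archive: benign members mixed with traversal attempts (not a real RAR).
SAMPLE_ENTRIES = [
    ("file", "docs/readme.txt", b"hello\n"),
    ("file", "../outside.txt", b"escape via dot-dot\n"),
    ("file", "..\\..\\outside.txt", b"escape via backslashes\n"),
    ("file", "/etc/passwd", b"absolute path\n"),
    ("symlink", "docs_link", "docs"),            # relative, stays inside: allowed
    ("symlink", "escape_link", "../../"),        # points above dest_dir: rejected
    ("symlink", "escape_link2", "..\\..\\tmp"),  # same escape spelled with backslashes
    ("file", "docs_link/via_link.txt", b"written through a contained symlink\n"),
]


def demo() -> dict:
    """Run the sample archive against a fresh temporary directory and report the outcome."""
    dest = tempfile.mkdtemp(prefix="extract-demo-")
    written, rejected = extract(dest, SAMPLE_ENTRIES)
    return {
        "written": written,
        "rejected": [name for name, _ in rejected],
        # The member written via docs_link must have landed inside docs/, not elsewhere.
        "via_link_landed_in_docs": os.path.isfile(os.path.join(dest, "docs", "via_link.txt")),
    }


if __name__ == "__main__":
    print(demo())
```

The important design choice is ordering: a symlink member that points outside is rejected before it is created, and every later member is checked with `realpath`, so a link that was accepted can only ever redirect writes to places that are themselves inside the extraction directory.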
According to the advisory, successful exploitation would give attackers access to all emails sent and received on a compromised email server.
“They can silently backdoor login functionalities and steal the credentials of an organization's users. With this access, it is likely that they will escalate their access to even more sensitive, internal services of an organization.”
The only requirement for this attack is that UnRAR is installed on the server, which Sonar said is likely, as it is required for virus scanning and spam-checking of RAR archives.
Sonar reportedly warned RarLab about the flaw on May 4, and the company released a patch on May 6 as part of version 6.12. Other versions of the software, including those for the Windows and Android operating systems, are not affected by the vulnerability.
The fix comes almost a year after Zimbra was mentioned in a joint US and UK government report identifying the company as a potential target of Russian spies.