RCE Vulnerability In UnRAR Library Affected Zimbra Platform

A extreme distant code execution vulnerability affected the Zimbra electronic mail shopper. The bug usually existed within the UnRAR library that might set off RCE on the Zimbra platform. Thankfully, the bug acquired a repair earlier than malicious exploitation.

Zimbra UnRAR Library Vulnerability

Researchers from Sonar recently shared insights a few extreme safety flaw affecting the Zimbra electronic mail platform.

Specifically, the researchers discovered a zero-day vulnerability in a third-party UnRAR utility utilized in Zimbra that might set off RCE. Exploiting the bug didn’t even require authentication. Describing the bug, CVE-2022-30333, the file write vulnerability within the RarLab’s unrar binary, the researchers acknowledged,

An attacker is ready to create recordsdata exterior of the goal extraction listing when an utility or sufferer consumer extracts an untrusted archive. If they will write to a recognized location, they’re probably to have the ability to leverage it in a approach resulting in the execution of arbitrary instructions on the system.

Although, the bug didn’t straight have an effect on Zimbra. Nonetheless, exploiting it may let an attacker entry the despatched and acquired emails on the compromised electronic mail server. An adversary may additionally deploy backdoors on compromised servers, steal credentials and different knowledge, and achieve entry to different unauthorized areas on the community. Such specific entry turned doable as a result of unhindered permissions to UnRar utility for Zimbra.

The researchers have shared the technical details of the vulnerability of their publish.

Patch Deployed

Following this discovery, Sonar researchers reported the matter to RarLab, and “gave a heads-up” to Zimbra for an upcoming repair.

Eventually, RarLab patched the vulnerability with UnRar binary model 6.12. Hence, all UnRar utility customers ought to get this patched model or later to obtain the repair.

Besides, Zimbra additionally addressed the glitch by configuring 7z as default for extracting RAR archives by Amavis as an alternative of UnRar.

Let us know your ideas within the feedback.

https://latesthackingnews.com/2022/07/09/rce-vulnerability-in-unrar-library-affected-zimbra-platform/

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Zimbra UnRAR Library Vulnerability

Patch Deployed

Related Posts

Judicial Watch Settles Historic Hillary Clinton Email Lawsuit!

Email Hosting Services Market Rewriting Long Term Growth Story As Revealed In New Report

But Their Emails: Republicans React to Their Own Email Scandal

Dedicated SMTP Server For Bulk Mailing | By Time4Servers | by Time4Servers Technologies | Apr, 2024

Three ways to boost your email security and brand reputation with AWS

Former FBI Deputy Director Andrew McCabe finds ‘nauseating similarities’ between Biden special counsel report and Hillary Clinton email case