
Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked as CVE-2022-30333, that can allow attackers to remotely hack Zimbra webmail servers.

SonarSource researchers have discovered a new vulnerability in RARlab’s UnRAR utility, tracked as CVE-2022-30333, that can be exploited by remote attackers to execute arbitrary code on a system that relies on the binary, like Zimbra webmail servers. Zimbra is an enterprise-ready email solution used by over 200,000 businesses, government and financial institutions.

“we discovered a 0-day vulnerability in the unrar utility, a 3rd party tool used in Zimbra. The vulnerability ultimately allows a remote attacker to execute arbitrary code on a vulnerable Zimbra instance without requiring any prior authentication or knowledge about it.” reads the post published by SonarSource researchers. “An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive. If they can write to a known location, they are likely to be able to leverage it in a way leading to the execution of arbitrary commands on the system.”

The CVE-2022-30333 flaw in the unrar binary developed by RarLab is a File Write vulnerability that could be exploited by tricking victims into extracting maliciously crafted RAR archives. The experts pointed out that in the case of Zimbra, threat actors could exploit this issue to access every email sent and received on a compromised email server. An attacker can fully compromise a server, install a backdoor, and use the compromised machine as a pivot to target other systems within the organization.

“The only requirement for this attack is that unrar is installed on the server, which is expected as it is required for RAR archive virus-scanning and spam-checking.” continues the report.

Below is the timeline for this issue:

We notify Zimbra of the planned release date for this blog post. Zimbra notifies us that they were able to reproduce the vulnerability. We notify Debian and Ubuntu package maintainers of the security issue. We notice a flaw in our Proof-of-Concept and send Zimbra more files to help them verify the issue. We send a dedicated email to Zimbra regarding this issue and send the Proof-of-Concept exploit again. RarLab releases version 6.12 of the binary on their website. We confirm the patch is effective the same day. We give them a heads up about an upcoming security patch from RarLab and send them a Proof-of-Concept exploit to verify that the issue affects Zimbra. We are already in communication with Zimbra about another issue.
