Headline
CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.
This means that an adversary could exploit the flaw to drop arbitrary files on a target system that has the utility installed simply by decompressing the file. The vulnerability was revealed by SonarSource researcher Simon Scannell in late June.
“RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation,” the agency said in an advisory.
Not much is known about the nature of the attacks, but the disclosure is evidence of a growing trend wherein threat actors are quick to scan for vulnerable systems after flaws are publicly disclosed and take the opportunity to launch malware and ransomware campaigns.
On top of that, CISA has also added CVE-2022-34713 to the catalog after Microsoft, as part of its Patch Tuesday updates on August 9, revealed that it has seen indications that the vulnerability has been exploited in the wild.
Said to be a variant of the vulnerability publicly known as DogWalk, the shortcoming in the Microsoft Windows Support Diagnostic Tool (MSDT) component could be leveraged by a rogue actor to execute arbitrary code on susceptible systems by tricking a victim into opening a decoy file.
Federal agencies in the U.S. are mandated to apply the updates for both flaws by August 30 to reduce their exposure to cyberattacks.
Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.
Related news
Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done. Alternative video link (for Russia): https://vk.com/video-149273431_456239139 Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and […]
Ubuntu Security Notice 6569-1 - it was discovered that libclamunrar incorrectly handled directories when extracting RAR archives. A remote attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that libclamunrar incorrectly validated certain structures when extracting RAR archives. A remote attacker could possibly use this issue to execute arbitrary code.
Gentoo Linux Security Advisory 202309-4 - An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution. Versions greater than or equal to 6.23 are affected.
Whitepaper called Bughunter's Life-Style: A DIY guide to become an alone long time bughunter for ordinary people. Written in Spanish.
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.
Attackers are targeting Zimbra systems in the public and private sectors, looking to exploit multiple vulnerabilities, CISA says.
Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. "This vulnerability
Mitigation guidance provided while a patch is being developed
A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected
As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, IT management. The shortcoming,
Plus: Chrome patches another zero-day flaw, Microsoft closes up 100 vulnerabilities, Android gets a significant patch, and more.
Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Everyone seems to want to create the next “Netflix” of something. Xbox’s Game Pass is the “Netflix of video games.” Rent the Runway is a “Netflix of fashion” where customers subscribe to a rotation of fancy clothes. And now threat actors are looking to be the “Netflix of malware.” All categories of malware have some sort of "as-a-service" twist now. Some of the largest ransomware groups in the world operate “as a service,” allowing smaller groups to pay a fee in exchange for using the larger group’s tools. Our latest report on information-stealers points out that “infostealers as-a-service" are growing in popularity, and our researchers also discovered a new “C2 as-a-service" platform where attackers can pay to have this third-party site act as their command and control. And like Netflix, this Dark Utilities site offers several other layers of tools and malware to choose from. This is a parti...
August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.
Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: patch Tuesday Tags: MSDT Tags: NFS Tags: PPP Tags: Exchange Tags: CVE-2022-34713 Tags: CVE-2022-35743 Tags: DogWalk Tags: CVE-2022-30134 Tags: CVE-2022-24477 Tags: CVE-2022-24516 Tags: CVE-2022-30133 Tags: CVE-2022-34715 Tags: Adobe Tags: Cisco Tags: Google Tags: Android Tags: SAP Tags: VMWare Patch Tuesday for August 2022 has come around. We take a look at the most important vulnerabilities that Microsoft's fixed and a brief look at what other vendors did. (Read more...) The post Update now! Microsoft fixes two zero-days in August's Patch Tuesday appeared first on Malwarebytes Labs.
As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.
By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months. This batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that’s actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called “Follina” zero-day vulnerability in June. In all, August’s Patch Tuesday includes 15 critical vulnerabilities and a single low- and moderate-severity issue. The remainder is classified as “important.” Two of the important vulnerabilities CVE-2022-35743 and CVE-2022-34713 are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild and Microsoft considers it “more likely” to be exploited. Microsoft Exchange Server contains two critical elevation of privilege vulnerabilities, CVE-2...
The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35743.
This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. This issue is exploitable on Zimbra Collaboration versions 9.0.0 Patch 24 and below and 8.8.15 Patch 31 and below provided that UnRAR versions 6.11 or below are installed.
Other applications using binary to extract untrusted archives are potentially vulnerable too
A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.