Описание
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-30333
- https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day
- https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html
- https://security.gentoo.org/glsa/202309-04
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-30333
- https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz
- https://www.rarlab.com/rar_add.htm
- http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
Связанные уязвимости
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal ...
Уязвимость средства разархивирования файлов UnRAR, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю перезаписать произвольные файлы