The Hacker News reports that threat actors could exploit a path traversal vulnerability in RarLab's UnRAR utility to achieve arbitrary code execution and compromise Zimbra webmail servers, which use UnRAR to unpack incoming mail attachments for antivirus scanning.
Discovered by SonarSource researchers and tracked as CVE-2022-30333, the flaw is a symbolic link attack that hinges on the order of two operations. On Linux and Unix, UnRAR rewrites backslashes in entry names to forward slashes so that archives created on Windows extract correctly, but it validated a symlink's target for directory traversal before that rewrite. A link target that spells its traversal with backslashes (for example `..\..\tmp\x` rather than `../../tmp/x`) therefore passes the check and is only then converted into a path that climbs out of the extraction directory; a later entry in the same archive written through that link lands wherever the link points.
"An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive. If they can write to a known location, they are likely to be able to leverage it in a way leading to the execution of arbitrary commands on the system," said researcher Simon Scannell, who added that the only requirement for the attack is that UnRAR be installed on the server.
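The following Python model, added here and not taken from UnRAR's source or from SonarSource's writeup, shows both points above: why validating the link target before separator conversion lets a backslash-spelled traversal through, and how a second entry written through the resulting link escapes the extraction directory. The archive is a constructed two-entry list rather than a real RAR file, and the traversal check (`is_relative_symlink_safe`) is a deliberately simplified stand-in for UnRAR's own; the `fixed` flag switches between the vulnerable order and the patched order (convert first, then validate).

```python
import os
import tempfile


def dos_slash_to_unix(path: str) -> str:
    """Backslash-to-slash conversion applied on Unix so Windows-made archives extract."""
    return path.replace("\\", "/")


def is_relative_symlink_safe(target: str) -> bool:
    """Simplified traversal check: reject absolute targets and any '..' component.

    UnRAR's real check is more permissive (it tracks depth); the simplification does not
    change the point being shown, which is *when* the check runs relative to conversion.
    """
    if target.startswith("/"):
        return False
    return ".." not in target.split("/")


def extract(entries, dest: str, fixed: bool) -> None:
    """Extract a constructed entry list into dest, modelling the vulnerable or fixed order."""
    for entry in entries:
        out_path = os.path.join(dest, entry["name"])
        if "symlink_target" in entry:
            target = entry["symlink_target"]
            if fixed:
                # Patched order: normalise separators first, then validate.
                target = dos_slash_to_unix(target)
                safe = is_relative_symlink_safe(target)
            else:
                # Vulnerable order: validate the raw target, then normalise.
                safe = is_relative_symlink_safe(target)
                target = dos_slash_to_unix(target)
            if not safe:
                raise ValueError(f"unsafe symlink target rejected: {entry['symlink_target']!r}")
            os.symlink(target, out_path)
        else:
            # A plain file entry. If a parent component is a symlink created by an
            # earlier entry, the write follows it; that is the escape.
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            with open(out_path, "wb") as fh:
                fh.write(entry["data"])


# Constructed two-entry archive (not a real RAR): a symlink whose target spells
# its traversal with a backslash, followed by a file written through that link.
MALICIOUS_ENTRIES = [
    {"name": "link", "symlink_target": "..\\outside"},
    {"name": "link/payload.txt", "data": b"written through the symlink\n"},
]


def run_demo(fixed: bool) -> dict:
    """Run one extraction order in a throwaway sandbox and report where the payload went."""
    with tempfile.TemporaryDirectory() as sandbox:
        extract_dir = os.path.join(sandbox, "extract")
        outside_dir = os.path.join(sandbox, "outside")  # stands in for /tmp, a web root, etc.
        os.mkdir(extract_dir)
        os.mkdir(outside_dir)
        try:
            extract(MALICIOUS_ENTRIES, extract_dir, fixed=fixed)
        except ValueError as exc:
            return {"escaped": False, "rejected": str(exc)}
        escaped = os.path.isfile(os.path.join(outside_dir, "payload.txt"))
        return {"escaped": escaped, "rejected": None}


if __name__ == "__main__":
    print("vulnerable order:", run_demo(fixed=False))
    print("patched order:   ", run_demo(fixed=True))
```

The same rule generalises to any extractor that canonicalises names: every normalisation step (separator conversion, case folding, Unicode normalisation, `..` collapsing) must run before the safety check, never after it, otherwise the check is evaluated against a string the filesystem will never see.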
RarLab has already released UnRAR 6.12 to address the vulnerability, which affects UnRAR before 6.12 on Linux and Unix; the Android and Windows versions are not affected.