Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2022-30333

Published: 09/05/2022 Updated: 17/09/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 581
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Unrar

Vulnerability Summary

RARLAB UnRAR prior to 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

rarlab unrar

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2022-30333 (unrar file write vulnerability) patch not yet available for Debian 10 packages
Debian Bug report logs - #1010837 CVE-2022-30333 (unrar file write vulnerability) patch not yet available for Debian 10 packages Package: unrar; Maintainer for unrar is UnRar maintainer team <team+unrar-nonfree@trackerdebianorg>; Source for unrar is src:unrar-nonfree (PTS, buildd, popcon) Reported by: vulnerabilityresearc ...

Exploits

Exploit DB: Zimbra UnRAR Path Traversal
This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333 If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system T ...
Exploit DB: UnRAR Path Traversal in Zimbra (CVE-2022-30333)
This module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333 If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary ...
Exploit DB: UnRAR Path Traversal (CVE-2022-30333)
This module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system UnRAR fixed this vulnerability in version 612 (open source version 617) The core issue is that when a symbolic link ...

Metasploit Modules

UnRAR Path Traversal in Zimbra (CVE-2022-30333)

This module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. This issue is exploitable on the following versions of Zimbra, provided UnRAR version 6.11 or earlier is installed: * Zimbra Collaboration 9.0.0 Patch 24 (and earlier) * Zimbra Collaboration 8.8.15 Patch 31 (and earlier)

msf > use exploit/linux/http/zimbra_unrar_cve_2022_30333
msf exploit(zimbra_unrar_cve_2022_30333) > show targets
    ...targets...
msf exploit(zimbra_unrar_cve_2022_30333) > set TARGET < target-id >
msf exploit(zimbra_unrar_cve_2022_30333) > show options
    ...show and set options...
msf exploit(zimbra_unrar_cve_2022_30333) > exploit
UnRAR Path Traversal (CVE-2022-30333)

This module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.1.7). The core issue is that when a symbolic link is unRAR'ed, Windows symbolic links are not properly validated on Linux systems and can therefore write a symbolic link that points anywhere on the filesystem. If a second file in the archive has the same name, it will be written to the symbolic link path.

msf > use exploit/linux/fileformat/unrar_cve_2022_30333
msf exploit(unrar_cve_2022_30333) > show targets
    ...targets...
msf exploit(unrar_cve_2022_30333) > set TARGET < target-id >
msf exploit(unrar_cve_2022_30333) > show options
    ...show and set options...
msf exploit(unrar_cve_2022_30333) > exploit

Github Repositories

https://github.com/J0hnbX/CVE-2022-30333

A proof of concept for CVE-2022-30333 - a path traversal vulnerability in unRAR versions prior to 611 I created this as a demonstration of the exploit for an AttackerKB writeup, and hope to incorporate it in a Metasploit Module soon! Basically, you provide a target (including path traversal) and some file data, and this tool will generate a rar that will extract that file to

https://github.com/aslitsecurity/Zimbra-CVE-2022-30333

Zimbra unrar vulnerability. Now there are already POC available, it is safe to release our POC.

Zimbra-CVE-2022-30333 Zimbra unrar vulnerability Now there are already POC available, it is safe to release our POC CVE-2022-30333 Zimbra UNRAR vulnerability Unrar till V 611 vulnerable Make sure your jsp shell is undetected This exploit will work on zimbra installed on default path Place your webshell in folder root_ver Remove existing shelljsp file And then rar the

https://github.com/TheL1ghtVn/CVE-2022-30333-PoC

CVE-2022-30333-POC Sample file to test CVE-2022-30333 Samplerar : if you want to test on Linux When you extract, it create trav in //tmp/traversed Please be sure that directory //tmp/traversed exists before extracting Samplerar exprar : if you want to test on Zimbra Mail server When you extract, it create mootxt in /opt/zimbra/jetty_base/webapps/zimbra/public

https://github.com/rbowes-r7/unrar-cve-2022-30333-poc

A proof of concept for CVE-2022-30333 - a path traversal vulnerability in unRAR versions prior to 611 I created this as a demonstration of the exploit for an AttackerKB writeup, and hope to incorporate it in a Metasploit Module soon! Basically, you provide a target (including path traversal) and some file data, and this tool will generate a rar that will extract that file to

Recent Articles

If you haven't patched Zimbra holes by now, assume you're toast
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Here's how to detect an intrusion via vulnerable email systems How do you choose a Cloud Security Provider?

Organizations that didn't immediately patch their Zimbra email systems should assume miscreants have already found and exploited the bugs, and should start hunting for malicious activity across IT networks, according to Uncle Sam. In a security alert updated on Monday, the US government's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that cybercriminals are actively exploiting five vulnerabilities in the Zimbr...

Read more...

References

CWE-22https://www.rarlab.com/rar/rarlinux-x32-612.tar.gzhttps://www.rarlab.com/rar_add.htmhttps://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.htmlhttps://lists.debian.org/debian-lts-announce/2023/08/msg00022.htmlhttps://security.gentoo.org/glsa/202309-04https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010837https://nvd.nist.govhttps://github.com/aslitsecurity/Zimbra-CVE-2022-30333
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook