How to Fix CVE-2022-30333- A Path Traversal Vulnerability in Unrar

Researchers have uncovered a new vulnerability in RARlab’s Unrar utility. The vulnerability, tracked as CVE-2022-30333, is a high severity vulnerability with a CVSS score of 7.5 out of 10. Since the vulnerability allows a remote attacker to carry out an arbitrary code execution attack on a vulnerable Zimbra instance without requiring any prior authentication, it is important to fix CVE-2022-30333 at the earliest. We have created this post to let you know how to fix CVE-2022-30333, a path traversal vulnerability in the Unrar utility.

About Zimbra:

Open Source Email and Collaboration.

Zimbra is an open-source server and client technology for next-generation enterprise messaging and collaboration. Available in both on-premises and cloud deployment models, Zimbra provides users with a modern, feature-rich email experience that includes calendaring, tasks, contacts, document collaboration, social networking features, and much more.

Zimbra is used by some of the largest organizations in the world, including Comcast, T-Mobile, IBM, Yahoo!, and many others.

Zimbra is developed by a team of passionate engineers located around the globe and is available in over 25 languages.

Zimbra offers two different editions: the Network Edition and the Open Source Edition. The Network Edition provides additional features and support options not available in the Open Source Edition.

The following table outlines the key differences between the two editions:

Feature                                   | Network Edition | Open Source Edition
------------------------------------------|-----------------|-------------------
Paid support                              | Yes             | No
Premium email and collaboration features  | Yes             | No
Zimbra Connector for Outlook              | Yes             | No
Zimbra Mobile sync                        | Yes             | No
Zimbra Desktop                            | Yes             | No
Migration tools and services              | Yes             | No
24×7 phone and email support              | Yes             | No

Summary Of CVE-2022-30333:

This is a path traversal vulnerability discovered in the Unrar utility, a third-party tool developed by RarLab (the same company that developed WinRAR) that Zimbra uses to extract archived email attachments. The flaw allows a remote attacker to carry out an arbitrary code execution attack on a vulnerable Zimbra instance without requiring any prior authentication. If you ignore fixing the flaw, attackers may abuse it to access every single email sent and received on a compromised email server. With this access, attackers can gain access to even more sensitive internal services of an organization.

SonarSource researcher Simon Scannell said in the SonarSource report, “An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive. If they can write to a known location, they are likely to be able to leverage it in a way leading to the execution of arbitrary commands on the system.”

Associated CVE ID        | CVE-2022-30333
Description              | A Path Traversal Vulnerability in Unrar Let Attackers to Hack Zimbra Mail Servers
Associated ZDI ID        | 
CVSS Score               | 7.5 High
Impact Score             | 
Exploitability Score     | 
Attack Vector (AV)       | Network
Attack Complexity (AC)   | Low
Privilege Required (PR)  | None
User Interaction (UI)    | None
Confidentiality (C)      | None
Integrity (I)            | High
Availability (A)         | None

Technical Details:

As you know, Zimbra uses the Unrar utility to extract archives received in incoming emails. Zimbra extracts these archives for virus and spam scanning. The issue lies in the handling of malicious archives that contain symbolic links. Attackers abuse this vulnerability by extracting a symbolic link that points outside of the extraction directory and then dereferencing it with a second file in the same archive. Please read the report for more technical details. This symbolic link flaw is what turns into a path traversal vulnerability in Unrar.


The best mechanism to defeat this symbolic link bypass vulnerability is to check both absolute and relative symbolic link targets in the archive and neutralize any that escape the extraction directory before the extracted files are handed to the next process.
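To make the two points above concrete, here is an added example (not code from the original post, and not Unrar's or Zimbra's own code) of an extraction guard that applies the recommended checks to a constructed list of archive entries. It rejects absolute and relative symlink targets that resolve outside the destination, and it also rejects a file whose path would be written through a link already present on disk, which is the second step of the pattern described in the technical details. The `Entry` model, the entry names and the "planted" link are all constructed for the demonstration.

```python
import os
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Entry:
    """One archive member as an extractor would see it (constructed model, not Unrar's format)."""
    name: str                       # path stored in the archive (POSIX separators)
    is_symlink: bool = False
    link_target: Optional[str] = None
    data: bytes = b""


def _inside(path: str, root: str) -> bool:
    """True if `path`, after following any symlinks that already exist on disk, stays under `root`."""
    root = os.path.realpath(root)
    real = os.path.realpath(path)
    return real == root or real.startswith(root + os.sep)


def check_entry(entry: Entry, dest: str) -> Optional[str]:
    """Return a rejection reason, or None if the entry is safe to extract into `dest`."""
    # 1. The stored name itself must not climb out of dest.
    if os.path.isabs(entry.name) or ".." in entry.name.split("/"):
        return "stored name escapes the extraction directory"
    target_path = os.path.join(dest, entry.name)
    # 2. Resolve through links already on disk: a link planted by an earlier entry
    #    must not redirect a later write outside dest.
    if not _inside(target_path, dest):
        return "path resolves outside the extraction directory"
    # 3. For symlink entries, check the link target, both absolute and relative.
    if entry.is_symlink:
        if entry.link_target is None:
            return "symlink entry without a target"
        if os.path.isabs(entry.link_target):
            return "absolute symlink target"
        link_dir = os.path.dirname(target_path)
        resolved = os.path.normpath(os.path.join(link_dir, entry.link_target))
        if not _inside(resolved, dest):
            return "relative symlink target escapes the extraction directory"
    return None


def extract(entries: List[Entry], dest: str) -> Tuple[List[str], Dict[str, str]]:
    """Extract the safe entries; return (extracted names, {rejected name: reason})."""
    extracted: List[str] = []
    rejected: Dict[str, str] = {}
    for e in entries:
        reason = check_entry(e, dest)
        if reason:
            rejected[e.name] = reason
            continue
        path = os.path.join(dest, e.name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        if e.is_symlink:
            os.symlink(e.link_target, path)
        else:
            with open(path, "wb") as f:
                f.write(e.data)
        extracted.append(e.name)
    return extracted, rejected


def demo() -> Tuple[List[str], Dict[str, str]]:
    """Run the guard over constructed entries that model benign and escaping members."""
    with tempfile.TemporaryDirectory() as dest, tempfile.TemporaryDirectory() as outside:
        # Simulate a link that an unpatched extractor already wrote into dest.
        os.symlink(outside, os.path.join(dest, "planted"))
        entries = [
            Entry("docs/readme.txt", data=b"hello"),                          # benign file
            Entry("docs/readme_link", is_symlink=True, link_target="readme.txt"),  # benign link
            Entry("abs_link", is_symlink=True, link_target="/etc"),              # absolute escape
            Entry("rel_link", is_symlink=True, link_target="../../outside/x"),   # relative escape
            Entry("../evil.txt", data=b"x"),                                    # name escape
            Entry("planted/evil.txt", data=b"x"),                               # write through link
        ]
        return extract(entries, dest)


if __name__ == "__main__":
    ok, bad = demo()
    print("extracted:", ok)
    for name, why in bad.items():
        print(f"rejected {name}: {why}")
```

Every check works on the resolved path rather than the stored string, so a link that an earlier member already placed on disk is caught when the later member tries to write through it; this is the step a purely lexical `..` filter misses.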

Zimbra Versions Affected By CVE-2022-30333, A Path Traversal Vulnerability In Unrar

This path traversal vulnerability does not affect a Zimbra deployment that does not include the Unrar package. The flaw applies only if Unrar is installed on the Zimbra server. Since Zimbra uses Unrar to extract the archives that arrive as email attachments, it is important to check the version of Unrar and upgrade it to the patched version.

Unrar Versions Vulnerable to CVE-2022-30333:

  1. Source Code versions less than or equal to 6.1.6.
  2. Binary package versions less than or equal to 6.11.

How To Fix CVE-2022-30333- A Path Traversal Vulnerability In Unrar Let Attackers To Hack Zimbra Mail Servers?

RarLab, the creator of the Unrar utility, has patched this symbolic link bypass vulnerability in source code version 6.1.7 and binary package version 6.12. We recommend upgrading Unrar to a version greater than or equal to v6.1.7 (source) or v6.12 (binary package), depending on the operating system.

The report also says that Zimbra has addressed this issue by replacing Unrar with 7z to extract the archived attachments. So make sure that your Zimbra is using 7z instead of Unrar.

We hope this post has helped you learn how to fix CVE-2022-30333, a path traversal vulnerability in the Unrar utility. Please share this post and help to secure the digital world. Visit our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium and Instagram, and subscribe to receive updates like this.

About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.
