Learn about CVE-2017-12938, a vulnerability in UnRAR before version 5.5.7 that allows remote attackers to bypass directory-traversal protection using symbolic links. Find mitigation steps and prevention measures.
UnRAR before version 5.5.7 has a vulnerability that allows remote attackers to bypass a directory-traversal protection mechanism using symbolic links. This can lead to directory traversal attacks.
Understanding CVE-2017-12938
UnRAR versions before 5.5.7 are susceptible to a security flaw that enables attackers to exploit symbolic links for directory traversal attacks.
What is CVE-2017-12938?
Prior to version 5.5.7, UnRAR is vulnerable to exploitation by remote attackers who can bypass directory-traversal protection using symbolic links.
The Impact of CVE-2017-12938
The vulnerability in UnRAR could allow remote attackers to circumvent directory-traversal protection, potentially leading to unauthorized access to sensitive files and directories.
Technical Details of CVE-2017-12938
UnRAR before version 5.5.7 is affected by a vulnerability that enables attackers to bypass directory-traversal protection using symbolic links.
Vulnerability Description
Attackers can exploit symbolic links to the current directory (.), parent directory (..), and regular files to bypass UnRAR's protection mechanism.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability can be exploited remotely: an attacker uses symbolic links to defeat the directory-traversal protection and potentially gain unauthorized access.
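A defensive check for the symlink vectors described above, as an added example that is not part of the original page or of UnRAR: after an untrusted archive has been unpacked into a scratch directory, it lists symbolic links that resolve outside that directory and tests whether a further entry path would land outside it. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def resolves_inside(root, entry_name):
    """True if writing entry_name under root stays inside root once
    every symlink already on disk has been followed."""
    root_real = os.path.realpath(root)
    # Resolve the parent only: the final component is what is about to be created.
    parent = os.path.realpath(os.path.join(root_real, os.path.dirname(entry_name)))
    return os.path.commonpath([root_real, parent]) == root_real


def escaping_symlinks(root):
    """Return (relative link path, link target) for each symlink under root
    whose resolved target is outside root."""
    root_real = os.path.realpath(root)
    found = []
    # followlinks=False: links are reported but never descended into.
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            resolved = os.path.realpath(path)
            if os.path.commonpath([root_real, resolved]) != root_real:
                found.append((os.path.relpath(path, root_real), os.readlink(path)))
    return sorted(found)


def build_sample_tree():
    """Constructed sample: a tree as it might look after unpacking an
    untrusted archive into a scratch directory."""
    root = os.path.join(tempfile.mkdtemp(), "extract")
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "docs", "readme.txt"), "w") as fh:
        fh.write("constructed sample\n")
    os.symlink(".", os.path.join(root, "here"))             # link to current directory
    os.symlink("..", os.path.join(root, "up"))              # link to parent directory
    os.symlink("docs/readme.txt", os.path.join(root, "r"))  # link to a regular file
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    print(escaping_symlinks(root))
    for name in ("docs/new.txt", "here/new.txt", "up/new.txt"):
        print(name, resolves_inside(root, name))
```

Both functions compare resolved paths rather than the text of the link target, so a link is judged by where it actually points on disk.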
Mitigation and Prevention
To address CVE-2017-12938, follow these mitigation steps:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates