WinRaR security alert.

Open discussion forum. For topics that do not fit anywhere else.

Moderator: POL Developer

Post Reply
Yukiko
Distro Developer
Posts: 2687
Joined: Thu Feb 02, 2006 1:41 pm
Location: San Antonio, Texas
Contact:

WinRaR security alert.

Post by Yukiko » Sat Mar 23, 2019 7:29 pm

If anyone is using WinRaR, you need to update to the latest version. A vulnerability was found in the ACE compressed file format that allows any file being decompressed from an ACE archive to escape from the target directory and traverse backward up the directory tree, otherwise known as an "absolute path traversal vulnerability". WinRaR determines the type of the archive by inspection, not by believing the file extension. So an attacker could rename the ACE file with a RAR extension and you might think you are downloading a RAR compressed file when in fact you are downloading a potentially malicious ACE compressed file. There have been found more than 100 different exploits in the wild attempting to take advantage of this vulnerability.

DevGIB
Grandmaster Poster
Posts: 231
Joined: Mon Feb 06, 2006 6:12 am

Re: WinRaR security alert.

Post by DevGIB » Sun Mar 31, 2019 4:14 pm

And update your PuTTY ;)

Post Reply