Audacity is an extremely popular open source audio editor, with hundreds of millions of downloads on the books. But due to some controversy over changes the Muse Group wanted to implement when they took ownership of the project back in 2021, the userbase has fractured somewhat. Some users simply stick with an older version of the program, while others have switched over to one of the forks that have popped up in the last couple of years.
The Wavacity project by [Adam Hilss] is a bit of both. It looks and feels just like an older version of Audacity (specifically, 3.0.0). But the trick here is that he’s managed to get it working with WebAssembly (WASM) so you can run it in your browser. Impressively, it even works on mobile devices. Though the Audacity UI, which already carries the sort of baggage you’d expect from a program that’s more than 20 years old, is hardly suited to a touch screen. Continue reading “Audacity Runs Surprisingly Well In Your Browser”
There’s a problem in the
unrar utility, and as a result, the Zimbra mail server was vulnerable to Remote Code Execution by simply sending an email. So first,
unrar is a source-available command-line application made by RarLab, the same folks behind WinRAR. CVE-2022-30333 is the vulnerability there, and it’s a classic path traversal on archive extraction. One of the ways this attack is normally pulled off is by extracting a symlink to the intended destination, which then points to a location that should be restricted.
unrar has code hardening against this attack, but is sabotaged by its cross-platform support. On a Unix machine, the archive is checked for any symbolic links containing the
../ pattern. After this check is completed, a function runs to convert any Windows paths to Unix notation. As such, the simply bypass is to include symlinks using
..\ traversal, which don’t get caught by the check, and then are converted to working directories.
That was bad enough, but Zimbra made it worse by automatically extracting
.rar attachments on incoming emails, in order to run a virus and spam check. That extraction isn’t sandboxed, so an attacker’s files are written anywhere on the filesystem the
zimbra user can write. It’s not hard to imagine how this turns into a full RCE very quickly. If you have an
unrar binary based on RarLab code, check for version 6.1.7 or 6.12 of their binary release. While Zimbra was the application specifically called out, there are likely to be other cases where this could be used for exploitation.
Continue reading “This Week In Security: Zimbra RCE, Routers Under Attack, And Old Tricks In WebAssembly”