A newly disclosed security vulnerability in the popular 7-Zip file compression software has raised significant concerns in the cybersecurity community.
  • woodytrombone@lemmy.worldEnglish
    19·
    1 month ago

    WinRAR users, you’re not safe either. CVE-2025-8088 published a few days ago looks like it’s exploiting the same/similar pathway.

  • andyburke@fedia.io
    15·
    1 month ago

    How is a 7-zip user process able to write to system files, even if it is a symlink?

    Either the security issue is outside 7-zip or this writeup doesn’t make much sense.

    • Elvith Ma'for@feddit.orgEnglish
      17·
      1 month ago

      If you click through to the original advisory it becomes clear, why this is rated quite low: because of what you said. Quote:

      An attacker may leverage this arbitrary file write to achieve unauthorized access/code execution, such as by overwriting a user’s SSH keys or .bashrc file

      You can write to whatever the user has access, but that’s usually your home. To wreak havoc you need to either be lucky, or use some somewhat known files and paths that you can reasonably expect to exist - such as ~/.ssh/config or ~/.ssh/known_hosts or maybe a private ssh key. Otherwise you could add an alias to the shell profile for a command that you expect the user to run (e.g. alias ls to rm -rf ~). You could get quite creative with the last one (e.g. alias apt, dnf, zypper, etc. to any executable you want to run with sudo).

      Edit: Why the fuck does Lemmy change a tilde to whatever attempt at turning it into an html tag that is?!

        • Elvith Ma'for@feddit.orgEnglish
          4·
          1 month ago

          Found the problem, it’s just the app Jerboa that somehow renders it strangely. Lemmy itself seems to behave fine

          ~/.ssh/config or ~/.ssh/known_hosts

          as

          <sub>/.ssh/config or </sub>/.ssh/known_hosts
  • Bubs@lemmy.zipEnglish
    5·
    1 month ago

    From the article about what is vulnerable:

    For Linux systems, attackers need the target to be using a vulnerable 7-Zip version while extracting an archive format that supports symbolic links, such as ZIP, TAR, 7Z, or RAR files.

    On Windows systems, additional requirements must be met for successful exploitation. The 7-Zip extraction process must have elevated privileges or operate in Windows Developer Mode to create symbolic links. This makes Windows systems somewhat less susceptible but not immune to the attack.

    So Linux users would have to scan for symbiotic links beforehand, and Windows users just need to never run with elevated privileges, or scan beforehand if they do (I’m assuming that elevated privileges means “run as administrator”?)