• Security Advisory on RAR

    From Matthew Munson@1:218/109 to All on Saturday, March 16, 2019 11:12:02
    Upgrade to 5.70 ASAP

    https://www.ghacks.net/2019/02/21/winrar-has-a-critical-security-bug-here-is-the-fix/

    WinRAR has a critical security bug: here is the fix
    by Martin Brinkmann on February 21, 2019 in Security - 33 comments
    WinRAR is a very popular software to create and extract archives on Windows and other
    supported operating systems. Part of its popularity comes from its support for different
    types of packing formats, another that the software's trial version never expires.

    A bug was discovered recently that affects all versions of WinRAR prior to 5.70. The bug,
    a remote code execution vulnerability, affects all WinRAR versions and thus all 500
    million users that use the application.

    Security researchers discovered a flaw in a library that WinRAR uses to extract files from
    archives packed with the ACE format.

    Attackers can exploit the vulnerability by pushing specially prepared archives to user
    systems. The bug can be abused to extract the files into any folder on the system
    instead of the folder selected by the user or the default folder for extracted files.
    --- Platinum Xpress/Win/WINServer v7.0
    * Origin: Inland Utopia BBS * Ontario, CA * iutopia.dtdns.net (1:218/109)
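
The article quoted in the post above describes files being extracted outside the folder the user selected. As an added example (not part of the original post, the article, or WinRAR's code), this is a lexical containment check an extraction tool can run on each archive member name before writing it. The function names and sample names are hypothetical, the destination is assumed to be an absolute Windows path, and symlinks or junctions are not resolved.

```python
import ntpath  # Windows path rules; purely lexical, so it also runs on non-Windows hosts


def resolve_member(dest_dir, member_name):
    """Return the path a member would be written to, or raise ValueError
    if that path falls outside dest_dir (an absolute Windows path)."""
    name = member_name.replace("/", "\\")
    drive, tail = ntpath.splitdrive(name)
    if drive or tail.startswith("\\") or ":" in name:
        raise ValueError("absolute path, drive, UNC or stream syntax")
    dest = ntpath.normpath(dest_dir)
    target = ntpath.normpath(ntpath.join(dest, name))  # collapses ".." lexically
    common = ntpath.commonpath([dest, target])  # compares whole path components
    if ntpath.normcase(common) != ntpath.normcase(dest):
        raise ValueError("escapes destination folder")
    if ntpath.normcase(target) == ntpath.normcase(dest):
        raise ValueError("empty member name")
    return target


def audit_members(dest_dir, member_names):
    """Return (accepted {name: target path}, rejected {name: reason})."""
    accepted, rejected = {}, {}
    for name in member_names:
        try:
            accepted[name] = resolve_member(dest_dir, name)
        except ValueError as exc:
            rejected[name] = str(exc)
    return accepted, rejected


# Constructed sample member names, not taken from any real archive.
SAMPLE = ["docs/readme.txt", "a\\..\\b.txt", "..\\..\\other\\x.txt",
          "C:\\temp\\x.txt", "\\\\server\\share\\x.txt", "..\\out2\\x.txt"]

if __name__ == "__main__":
    ok, bad = audit_members("C:\\Users\\bob\\out", SAMPLE)
    for name, target in ok.items():
        print("extract", name, "->", target)
    for name, reason in bad.items():
        print("REJECT ", name, "-", reason)
```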
  • From Sean Dennis@1:18/200 to Matthew Munson on Tuesday, March 19, 2019 16:58:37
    Hello Matthew.

    16 Mar 19 11:12, you wrote to All:

    WinRAR has a critical security bug: here is the fix

    Wouldn't be the first time this has happened with RAR. I quit using it.

    Later,
    Sean

    --- GoldED/2 3.0.1
    * Origin: Outpost BBS - bbs.outpostbbs.net (1:18/200)
  • From Matthew Munson@1:218/109 to Sean Dennis on Tuesday, March 19, 2019 23:31:30

    16 Mar 19 11:12, you wrote to All:

    WinRAR has a critical security bug: here is the fix

    Wouldn't be the first time this has happened with RAR. I quit using it.
    I got it on sale for 21 bucks so that's why I have it on my BBS VM.
    --- Platinum Xpress/Win/WINServer v7.0
    * Origin: Inland Utopia BBS * Ontario, CA * iutopia.dtdns.net (1:218/109)
  • From mark lewis@1:3634/12.73 to Matthew Munson on Wednesday, March 20, 2019 12:42:08

    On 2019 Mar 16 11:12:02, you wrote to All:

    Upgrade to 5.70 ASAP

    https://www.ghacks.net/2019/02/21/winrar-has-a-critical-security-bug-here-is-the-fix/

    WinRAR has a critical security bug: here is the fix

    this flaw is being actively used in the wild, now, too... best thing is to upgrade or drop it in the bitbucket and switch to something else...

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... The world looks as if it has been left in the custody of trolls.
    ---
    * Origin: (1:3634/12.73)
  • From Shawn Highfield@1:229/452.4 to Sean Dennis on Thursday, March 21, 2019 23:03:42
    Quoting Sean Dennis to Matthew Munson <=-

    Wouldn't be the first time this has happened with RAR. I quit using
    it.

    I switched to 7zip for windows because it can do rar as well as
    everything else... I don't know if it's good or not, but it's not
    winrar so I figure better safe than sorry.

    Shawn

    ... Okay, who put a "stop payment" on my reality cheque?
    --- Blue Wave/386
    * Origin: A Tiny slice o pi (1:229/452.4)
  • From Sean Dennis@1:18/200 to Shawn Highfield on Monday, March 25, 2019 18:25:22
    Shawn Highfield wrote to Sean Dennis <=-

    I switched to 7zip for windows because it can do rar as well as
    everything else... I don't know if it's good or not, but it's not
    winrar so I figure better safe than sorry.

    I like ARJ since it's open source and compresses better than ZIP for my
    uses. I still do use ZIP for certain things though.

    Later,
    Sean

    ... Eat healthy, exercise, get plenty of sleep -- die healthy!
    ___ MultiMail/Win v0.51

    --- Maximus/2 3.01
    * Origin: Outpost BBS - bbs.outpostbbs.net (1:18/200)
  • From Daryl Stout@1:19/33 to SEAN DENNIS on Tuesday, March 26, 2019 11:40:00
    Sean,

    I like ARJ since it's open source and compresses better than ZIP for my
    uses. I still do use ZIP for certain things though.

    I originally used ZIP, but changed to ARJ, as it saved disk space.
    But, most of the files on here are in ZIP format.

    I still love your QWK tagline that was something like "ZIP, etc. What
    idiot thought this up??". I thought I had the tagline in OLX, but didn't
    see it.

    Daryl

    ===
    ■ OLX 1.53 ■ ReinCarnation: Reconstituting Evaporated Milk.
    --- SBBSecho 3.07-Win32
    * Origin: FIDONet: The Thunderbolt BBS - tbolt.synchro.net (1:19/33)