Critical WinRAR flaw lets hackers run programs when you open RAR archives

Discussion in 'Software News' started by dondada, Aug 19, 2023.

  1. dondada

    dondada Rock Star

    Joined:
    Jan 2, 2015
    Messages:
    1,011
    Likes Received:
    489
  3. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    7,415
    Likes Received:
    3,725
    Location:
    AudioSexPro
    Pretty sure WinRAR will look into it as quickly as possible.

    It's already addressed:
    Already updated to this version on 3rd 2nd August.

    Alternatives are 7zip ofc, but the others are impractical, imo.
    Sure, you could use something like zst, rzip, etc., but it always comes down to what the normal user would use and is able to unpack.
     
    Last edited: Aug 19, 2023
  4. SineWave

    SineWave Audiosexual

    Joined:
    Sep 4, 2011
    Messages:
    4,373
    Likes Received:
    3,478
    Location:
    Where the sun doesn't shine.
    People will find security flaws in toilet paper these days to get a little attention if nothing else... :wink:

    How does that proverb about security and freedom go? Social media made people short-term dopamine addicts and all kinds of 3 or 4 letter mental diseases are running rampant. We should chill more, people. Do something useful. Stop gossiping like an old hag. :wink:

    Says the one who posts a completely useless off-topic message in the thread. :rofl:
     
    Last edited: Aug 19, 2023
  5. Recoil ✪

    Recoil ✪ Rock Star

    Joined:
    Aug 14, 2022
    Messages:
    340
    Likes Received:
    368
    Location:
    Mordor
    I love my Linux :metal: who cares :thanks:

    [​IMG]
     
  6. SineWave

    SineWave Audiosexual

    Joined:
    Sep 4, 2011
    Messages:
    4,373
    Likes Received:
    3,478
    Location:
    Where the sun doesn't shine.
    Speaking of scripting, when I was updating RAR some time ago, it took me a whole minute to do it. There should be a script... for everything! They make life with computers easier. On Linux and Mac, both. :wink:

    Are you also running kernel with "mitigations=off"?
     
    Last edited: Aug 19, 2023
  7. Windows95

    Windows95 Member

    Joined:
    Jul 19, 2020
    Messages:
    15
    Likes Received:
    11
    Using Linux doesn't make you a scientist mate. The choice of OS is totally irrelevant. Just saying.
     
  8. twoheart

    twoheart Audiosexual

    Joined:
    Nov 21, 2015
    Messages:
    2,024
    Likes Received:
    1,240
    Location:
    Share many
    :rofl::rofl::rofl:

    According to the pic, Linux users are fat old white guys?
    The windows user is the slender guy in the background. ok.
    Who is the athletic guy on the far left?
     
    Last edited: Aug 19, 2023
  9. SineWave

    SineWave Audiosexual

    Joined:
    Sep 4, 2011
    Messages:
    4,373
    Likes Received:
    3,478
    Location:
    Where the sun doesn't shine.
    @Windows95 I don't agree, really. You know that proverb "what doesn't kill you, only makes you stronger"? That's what happens when you use Linux for a while, so Windows and Mac feel like a walk in the park. :wink: It does make you more knowledgeable about OSes, too. Which I wouldn't say applies to Windows or Mac, especially because they are made specifically for computer illiterate people. At least they try to make them that way.

    And that brings me to your statement of OS irrelevance... c'mon, choice of OS is irrelevant? :rofl: How does that compute? ;) I do use all three, but Linux is absolutely my main OS because it gives me complete control over the OS. Complete. Control. I love that. I have OCD. :rofl: Among other stuff.
     
  10. Recoil ✪

    Recoil ✪ Rock Star

    Joined:
    Aug 14, 2022
    Messages:
    340
    Likes Received:
    368
    Location:
    Mordor
    @twoheart You misunderstood, the one on the left is a Neanderthal, who listens to the conversation of two Homo sapiens :rofl:
     
  11. midi-man

    midi-man Audiosexual

    Joined:
    Sep 25, 2013
    Messages:
    1,607
    Likes Received:
    804
    Well, upgrades on Linux are much easier than Windows and faster. I cannot tell you how many times I have just upgraded my Linux Mint and it went as easy as 1,2,3. So if you think about it, Linux scripting is pretty slick. :wink:
     
  12. midi-man

    midi-man Audiosexual

    Joined:
    Sep 25, 2013
    Messages:
    1,607
    Likes Received:
    804
    Thanks for that info. I just updated mine.
     
  13. midi-man

    midi-man Audiosexual

    Joined:
    Sep 25, 2013
    Messages:
    1,607
    Likes Received:
    804
    Also no bloatware or MS tracking BS. Lean and mean.
    Well, to be real, many things are Linux: TVs, routers, Nest, etc.
     
  14. phumb-reh

    phumb-reh Guest

    RAR is great, updated.

    About that picture... it also happens that those two guys are the only human beings who know all of bash.

    The great thing about bash is: it's powerful, flexible, with deep hooks into *nix features.
    The fucking awful thing about bash is: it's powerful, flexible, with deep hooks into *nix features.

    My default .bashrc is about 4KB in size, having grown organically in ehm... too many years to admit. And I do still use it for scripting, but it's only simple scripts anymore. I simply can't remember anymore all of the quoting rules/manipulations, stream manipulations, signal traps... the list goes on.
     
  15. SineWave

    SineWave Audiosexual

    Joined:
    Sep 4, 2011
    Messages:
    4,373
    Likes Received:
    3,478
    Location:
    Where the sun doesn't shine.
    Oh man, yeah - love the easy upgrading! I recently upgraded Debian to v12 (it was v7 "wheezy" from 2013 originally, or maybe even 6 "Squeeze"). Took me like a minute to edit sources.list and 2 console (apt) commands. Of course, you have to adjust or readjust some things later, but in general it was quite a painless process, satisfying even. :) I just realised how many times I updated this OS (5 or 6!) and it still works great. Actually better than older versions. Coming from Windows this might seem like a strange concept. :)

    Regarding RAR, it is still a great, fast, and safest archiver since it sports recovery record and is 2x faster when compressing than 7zip. But 7zip definitely has its uses and is great in its own right. XZ and TAR are useful, too, especially when you have a ton of small files for archiving. That would take a lot of time with 7zip.
     
    Last edited: Aug 19, 2023
  16. midi-man

    midi-man Audiosexual

    Joined:
    Sep 25, 2013
    Messages:
    1,607
    Likes Received:
    804
    Yes, upgrading is fantastic on Linux. I have noticed that from time to time I have to readjust my repositories on Mint but it's a painless process.

    Yes, WinRAR is fast on files, better than 7zip, but 7zip is free.
     
  17. canbi

    canbi Ultrasonic

    Joined:
    Jun 12, 2023
    Messages:
    115
    Likes Received:
    38
    another "article" not containing any info and/or details

    great
     
  18. saccamano

    saccamano Rock Star

    Joined:
    Mar 26, 2023
    Messages:
    1,028
    Likes Received:
    404
    Location:
    uranus
    :wink:

    But then again, if you actually like tearing your hair out with every single app install (or worse yet a complete app uninstall), large lacking catalog of decent available warez, and things splattered every which way on your system storage medium, then sure *NIX is a winner OS. I didn't even mention trying to get some sort of x-windows GUI working that's even half way tolerable (hack-in-trash?).
     
  19. twoheart

    twoheart Audiosexual

    Joined:
    Nov 21, 2015
    Messages:
    2,024
    Likes Received:
    1,240
    Location:
    Share many
    First: There was useful info, at least in the OP.
    Second: You can make an effort yourself to contribute something instead of just consuming and then complaining.
     
  20. phumb-reh

    phumb-reh Guest

    Ok, it's got a good link of the issue, link to the vendor response, fixing instructions and a FUCKING LINK TO THE CVE and that's "no info and/or details" to you.

    From this I can only think that you either can't read, or are truly a God's gift to infosec.

    Which one it shall be then oh (possibly) demigod security hacker? (if you can read and understand this that is)
     
  21. Recoil ✪

    Recoil ✪ Rock Star

    Joined:
    Aug 14, 2022
    Messages:
    340
    Likes Received:
    368
    Location:
    Mordor
    [​IMG] :rofl:
     