KDE Ark Archive Tool contains a path traversal vulnerability that could be exploited by potential hackers to overwrite files or execute remote code on a system.
Ark tool is a file archiver and compressor developed by KDE for Linux operating systems. Most Linux distros offer it as a KDE bundled software. It is an archiver App like WinZip or WinRAR for Windows. It supports various common archive and compression formats including zip, 7z, rar, lha and tar.
The bug first caught the attention of security researcher Dominik Penner and has been issued the unique identifier, CVE-2020-16116 with a high severity score.
The CVE-2020-16116 is basically a Path Traversal flaw. It exists due to input validation error when processing directory traversal sequences within the archive. Firstly, a remote hacker can create a specially crafted archive. Secondly, to trick the victim into extracting files from it and overwrite arbitrary files on the system with privileges of the current user.
Above all, to exploit the bug, an attacker would simply have to lure the victim to open a maliciously crafted archive. Once opened, the included malware would automatically execute to perform the intended activities. This may range from installing cryptominers and trojans to ransomware attacks and backdoor implants.
Patch Released With Ark 20.08.0
KDE has patched Archive Tool vulnerability with the release of Ark 20.08.0 that prevents the loading of malicious archives. Whereas, they have proposed the following workaround as well.
“Users should not use the ‘Extract’ context menu from the Dolphin file manager. Before extracting a downloaded archive using the Ark GUI, users should inspect it to make sure it doesn’t contain entries with “../” in the file path.”
Alternatively, you can apply patch to your existing KDE Ark tool instance by visiting this GitHub.