Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qNjMtNjR4Ny01N3hm
Path traversal in impacket
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket before 0.9.23. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
Permalink: https://github.com/advisories/GHSA-mj63-64x7-57xf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qNjMtNjR4Ny01N3hm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 3 years ago
Updated: 8 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-mj63-64x7-57xf, CVE-2021-31800
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-31800
- https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
- https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008
- https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958
- https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485
- https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876
- https://github.com/SecureAuthCorp/impacket/releases
- https://lists.fedoraproject.org/archives/list/[email protected]/message/IPXDPWCAPVX3UWYZ3N2T5OLBSBBUHJP6/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/KRV2C5DATXBHG6TF6CEEX54KZ75THQS3/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/UF56LYB27LHEIFJTFHU3M75NMNNK2SCG/
- https://github.com/SecureAuthCorp/impacket/commit/99bd29e3995c254e2d6f6c2e3454e4271665955a
- https://github.com/SecureAuthCorp/impacket/releases/tag/impacket_0_9_23
- https://github.com/advisories/GHSA-mj63-64x7-57xf
Blast Radius: 29.5
Affected Packages
pypi:impacket
Dependent packages: 39
Dependent repositories: 1,016
Downloads: 132,306 last month
Affected Version Ranges: < 0.9.23
Fixed in: 0.9.23
All affected versions: 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.17, 0.9.18, 0.9.19, 0.9.20, 0.9.21, 0.9.22
All unaffected versions: 0.9.23, 0.9.24, 0.10.0, 0.11.0