QwikSec

Security Database

CVE

CWE

Training

CVE-2021-31800

Published: May 5, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/SecureAuthCorp/impacket/releases

x_refsource_MISC

https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876

x_refsource_MISC

https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485

x_refsource_MISC

https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008

x_refsource_MISC

https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958

x_refsource_MISC

https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f

x_refsource_MISC

FEDORA-2021-52dfb60726

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-ab09c9a7a1

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-888ccfd5b6

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.