Bug ID | 1185717 |
---|---|
Summary | VUL-0: CVE-2021-31800: python-impacket: Multiple path traversal vulnerabilities in smbserver.py |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.2 |
Hardware | Other |
URL | https://smash.suse.de/issue/283508/ |
OS | Other |
Status | NEW |
Severity | Critical |
Priority | P5 - None |
Component | Network |
Assignee | mardnh@gmx.de |
Reporter | gianluca.gabrielli@suse.com |
QA Contact | security-team@suse.de |
Found By | Security Response Team |
Blocker | --- |
CVE-2021-31800 Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. References: https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008 https://github.com/SecureAuthCorp/impacket/releases https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958 https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485 References: https://bugzilla.redhat.com/show_bug.cgi?id=1957426 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31800 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958 https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31800 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008 https://github.com/SecureAuthCorp/impacket/releases