| Bug ID | 1185717 |
|---|---|
| Summary | VUL-0: CVE-2021-31800: python-impacket: Multiple path traversal vulnerabilities in smbserver.py |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.2 |
| Hardware | Other |
| URL | https://smash.suse.de/issue/283508/ |
| OS | Other |
| Status | NEW |
| Severity | Critical |
| Priority | P5 - None |
| Component | Network |
| Assignee | mardnh@gmx.de |
| Reporter | gianluca.gabrielli@suse.com |
| QA Contact | security-team@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
CVE-2021-31800 Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. References: https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008 https://github.com/SecureAuthCorp/impacket/releases https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958 https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485 References: https://bugzilla.redhat.com/show_bug.cgi?id=1957426 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31800 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958 https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31800 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008 https://github.com/SecureAuthCorp/impacket/releases