FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-impacket -- multiple path traversal vulnerabilities

Affected packages
0.9.10 <= py310-impacket < 0.9.23
0.9.10 <= py311-impacket < 0.9.23
0.9.10 <= py37-impacket < 0.9.23
0.9.10 <= py38-impacket < 0.9.23
0.9.10 <= py39-impacket < 0.9.23

Details

VuXML ID b692a49c-9ae7-4958-af21-cbf8f5b819ea
Discovery 2021-05-05
Entry 2023-04-09

asolino reports:

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
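The class of bug reported above, a client-supplied path containing ../ that resolves outside the shared directory, is prevented by canonicalizing the path and checking that it is still under the share root before any file is opened. The following is an added example, not Impacket's code or its actual fix; the function names and sample requests are constructed for illustration, and POSIX paths are assumed.

```python
import os
import tempfile


def naive_join(share_root, client_path):
    """Unchecked pattern: join the client-supplied name with no containment test."""
    rel = client_path.replace("\\", "/").lstrip("/")
    return os.path.normpath(os.path.join(share_root, rel))


def resolve_in_share(share_root, client_path):
    """Return the absolute path for client_path, or raise if it leaves share_root."""
    root = os.path.realpath(share_root)
    # SMB clients send backslash separators; treat both kinds as separators.
    rel = client_path.replace("\\", "/").lstrip("/")
    # realpath collapses ".." and resolves symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError("path escapes share root: %r" % client_path)
    return candidate


def check_requests(share_root, requests):
    """Map each request path to 'allowed' or 'rejected'."""
    results = {}
    for req in requests:
        try:
            resolve_in_share(share_root, req)
            results[req] = "allowed"
        except PermissionError:
            results[req] = "rejected"
    return results


# Constructed sample requests (hypothetical, not taken from the advisory).
SAMPLE_REQUESTS = [
    "docs\\report.txt",
    "docs\\..\\notes.txt",
    "..\\..\\etc\\shadow",
    "docs/../../outside.txt",
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        os.makedirs(share)
        for req, verdict in check_requests(share, SAMPLE_REQUESTS).items():
            print(verdict, req, "->", naive_join(share, req))
```

Because the check runs on the resolved path, a symlink inside the share that points outside it is rejected as well as a literal ../ sequence.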

References

CVE Name CVE-2021-31800
URL https://osv.dev/vulnerability/GHSA-mj63-64x7-57xf
URL https://osv.dev/vulnerability/PYSEC-2021-17