CVE-2021-31800

NameCVE-2021-31800
DescriptionMultiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh
Debian Bugs988141

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
impacket (PTS)stretch0.9.15-1vulnerable
buster0.9.15-5vulnerable
bookworm, bullseye, sid0.9.22-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
impacketsource(unstable)0.9.22-2988141

Notes

[buster] - impacket <no-dsa> (Minor issue)
[stretch] - impacket <no-dsa> (Minor issue)
https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
Search for package or bug name: Reporting problems