Source: impacket Version: 0.9.22-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for impacket. CVE-2021-31800[0]: | Multiple path traversal vulnerabilities exist in smbserver.py in | Impacket through 0.9.22. An attacker that connects to a running | smbserver instance can list and write to arbitrary files via ../ | directory traversal. This could potentially be abused to achieve | arbitrary code execution by replacing /etc/shadow or an SSH authorized | key. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-31800 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31800 [1] https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f Please adjust the affected versions in the BTS as needed. Regards, Salvatore
