PYSEC-2021-17

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/impacket/PYSEC-2021-17.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2021-17
Aliases
Published
2021-05-05T11:15:00Z
Modified
2023-11-01T04:55:21.336667Z
Summary
[none]
Details

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.

References

Affected packages

PyPI / impacket

Package

Affected ranges

Type
GIT
Repo
https://github.com/SecureAuthCorp/impacket
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0.9.10
Fixed
0.9.23

Affected versions

0.*

0.9.10
0.9.11
0.9.12
0.9.13
0.9.14
0.9.15
0.9.17
0.9.18
0.9.19
0.9.20
0.9.21
0.9.22