Multiple path traversal vulnerabilities exist in smbserver.py in Impacket up to and including 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
secureauth impacket |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |