CVE-2021-31800 - log back

CVE-2021-31800 edited at 21 Jul 2021 21:09:37
Severity
- High
+ Medium
CVE-2021-31800 edited at 20 Jul 2021 19:19:00
Description
- Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
+ Multiple path traversal vulnerabilities exist in smbserver.py in Impacket before version 0.9.23. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
CVE-2021-31800 edited at 05 May 2021 12:20:47
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Directory traversal
Description
+ Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
References
+ https://github.com/SecureAuthCorp/impacket/pull/1066
+ https://github.com/SecureAuthCorp/impacket/commit/99bd29e3995c254e2d6f6c2e3454e4271665955a
Notes
CVE-2021-31800 created at 05 May 2021 12:18:24