Samba Remote Code Execution Vulnerability

Samba Remote Code Execution Vulnerability

Samba disclosed a critical* remote code execution vulnerability affecting all versions of Samba prior to 4.13.17.

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. The problem in vfs fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue. This vulnerability has not been evaluated by NIST yet (no CVSS 3.1 score given). However, Samba has determined its CVSS 3.1 score as 9.9.

Affected Systems

The following servers/systems are affected by this vulnerability;

• All versions of Samba prior to 4.13.17

IoC’s

-

Recommended Solution(s)

The users are advised to download the patches posted at the following website. Additionally, Samba 4.13.17, 4.14.12 and 4.15.5 have been issued as security releases to correct the defect.

https://www.samba.org/samba/security/

CVE / CWE

CVE-2021-44142

Related Website(s)

• https://www.samba.org/samba/security/CVE-2021-44142.html
• https://securityaffairs.co/wordpress/127457/security/cve-2021-44142-samba-rce.html

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.