All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue. Patches addressing both these issues have been posted to: www.samba.org/samba/security/
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
samba samba |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 20.04 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 21.10 |
||
synology diskstation manager |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux for scientific computing 7.0 |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux resilient storage 7.0 |
||
redhat enterprise linux for power little endian 7.0 |
||
redhat enterprise linux for power big endian 7.0 |
||
redhat enterprise linux for ibm z systems 7.0 |
||
redhat virtualization host 4.0 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux eus 8.2 |
||
redhat enterprise linux server tus 8.2 |
||
redhat enterprise linux server aus 8.2 |
||
redhat gluster storage 3.5 |
||
redhat enterprise linux server 8.1 |
||
redhat enterprise linux server tus 8.4 |
||
redhat enterprise linux eus 8.4 |
||
redhat enterprise linux server aus 8.4 |
||
redhat enterprise linux server update services for sap solutions 8.2 |
||
redhat enterprise linux server update services for sap solutions 8.4 |
||
redhat enterprise linux server update services for sap solutions 8.1 |
||
redhat enterprise linux for power little endian eus 8.2 |
||
redhat enterprise linux for ibm z systems eus 8.2 |
||
redhat enterprise linux for power little endian 8.0 |
||
redhat enterprise linux for ibm z systems eus 8.4 |
||
redhat enterprise linux for ibm z systems 8.0 |
||
redhat enterprise linux for power little endian eus 8.4 |
||
redhat codeready linux builder - |
Get our weekly newsletter Patch now
An exploit in Samba 4 allowed remote code as root due to a bug in its support for Mac clients. It's fixed in 4.13.17, 4.14.12 and 4.15.5, and in case you can't update, there are patches. The vuln is being tracked as CVE-2021-44142 and received a CVSS rating of 9.9. Samba is a FOSS implementation of Microsoft's Server Message Block (SMB) network protocol. SMB is how Windows (and DOS and OS/2) share drives. These days Microsoft likes to call it the "Common Internet File System" instead, or CIFS [P...