CVE-2021-44142

Published: 21/02/2022 Updated: 23/02/2022
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue. Patches addressing both these issues have been posted to: www.samba.org/samba/security/

Vulnerable Products

samba samba

debian debian linux 10.0

debian debian linux 11.0

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 21.10

synology diskstation manager

fedoraproject fedora 34

fedoraproject fedora 35

redhat codeready linux builder -

redhat gluster storage 3.5

redhat virtualization host 4.0

redhat enterprise linux 7.0

redhat enterprise linux 8.0

redhat enterprise linux desktop 7.0

redhat enterprise linux eus 8.2

redhat enterprise linux eus 8.4

redhat enterprise linux for ibm z systems 7.0

redhat enterprise linux for ibm z systems 8.0

redhat enterprise linux for ibm z systems eus 8.2

redhat enterprise linux for ibm z systems eus 8.4

redhat enterprise linux for power big endian 7.0

redhat enterprise linux for power little endian 7.0

redhat enterprise linux for power little endian 8.0

redhat enterprise linux for power little endian eus 8.2

redhat enterprise linux for power little endian eus 8.4

redhat enterprise linux for scientific computing 7.0

redhat enterprise linux resilient storage 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server 8.1

redhat enterprise linux server aus 8.2

redhat enterprise linux server aus 8.4

redhat enterprise linux server tus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux server update services for sap solutions 8.1

redhat enterprise linux server update services for sap solutions 8.2

redhat enterprise linux server update services for sap solutions 8.4

redhat enterprise linux workstation 7.0

Vendor Advisories

Synopsis: Critical: samba security and bug fix update. Type/Severity: Security Advisory: Critical. Topic: An update for samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as hav ...
Samba could be made to crash or run programs as an administrator if it received specially crafted network traffic ...
Synopsis: Critical: samba security and bug fix update. Type/Severity: Security Advisory: Critical. Topic: An update for samba is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security ha ...
Samba could be made to crash when it handled certain memory operations ...
Synopsis: Critical: samba security update. Type/Severity: Security Advisory: Critical. Topic: An update for samba is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has ...
Synopsis: Critical: samba security update. Type/Severity: Security Advisory: Critical. Topic: An update for samba is now available for Red Hat Gluster Storage 3.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rate ...
Synopsis: Critical: samba security update. Type/Severity: Security Advisory: Critical. Topic: An update for samba is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Ext ...
Synopsis: Critical: samba security and bug fix update. Type/Severity: Security Advisory: Critical. Topic: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as hav ...
Synopsis: Critical: samba security update. Type/Severity: Security Advisory: Critical. Topic: An update for samba is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this ...
Synopsis: Critical: samba security update. Type/Severity: Security Advisory: Critical. Topic: An update for samba is now available for Red Hat Gluster Storage 3.5 for Red Hat Enterprise Linux 8. Red Hat Product Security has rate ...
Synopsis: Critical: samba security update. Type/Severity: Security Advisory: Critical. Topic: An update for samba is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Ext ...
Debian Bug report logs - #1004693 samba: CVE-2021-44142. Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 31 Jan 2022 20:03:06 UTC; Severity: grave; Tags: security, upstream; Found in versi ...
Several security issues were fixed in Samba ...
Several vulnerabilities were discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2021-44142: Orange Tsai reported an out-of-bounds heap write vulnerability in the VFS module vfs_fruit, which could result in remote execution of arbitrary code as root. CVE-2022-0336: Kees van Vloten reported that Samba AD users ...
Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) ...
All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit ...
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required (CVE-2016-2124). A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible pri ...

Mailing Lists

CVE-2021-44142 is particularly nasty, "This vulnerability allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit" ----- Forwarded message from Jule Anger via samba-announce <samba-announce () lists samba org> ----- Return-Path: <samba-announce-bounces () lists samba or ...

Github Repositories

CVE-2021-44142 Vulnerability Checker: A tool to check if a Samba server is vulnerable to CVE-2021-44142. Background: CVE-2021-44142 is a heap out-of-bounds read and write in Samba's vfs_fruit module used at Pwn2Own Austin 2021 against the Western Digital PR4100. This work is based off a blog post by 0xsha at 0xsha.io/blog/a-samba-horror-story-cve-2021-44142. This tool

PoC in GitHub 2022: CVE-2022-0185 (2022-02-11). A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

Recent Articles

Samba ‘Fruit’ Bug Allows RCE, Full Root User Access
Threatpost • Tara Seals • 01 Feb 2022

A critical severity vulnerability in the Samba platform could allow attackers to gain remote code execution with root privileges on servers.
Samba is an interoperability suite that allows Windows and Linux/Unix-based hosts to work together and share file and print services with multi-platform devices on a common network, including SMB file-sharing. Gaining the ability to execute remote code as a root user means that an attacker would be able to read, modify or delete any files on the syste...

Remote code execution vulnerability in Samba due to macOS interop module
The Register • Liam Proven in Prague

Patch now

An exploit in Samba 4 allowed remote code as root due to a bug in its support for Mac clients. It's fixed in 4.13.17, 4.14.12 and 4.15.5, and in case you can't update, there are patches.
The vuln is being tracked as CVE-2021-44142 and received a CVSS rating of 9.9.
Samba is a FOSS implementation of Microsoft's Server Message Block (SMB) network protocol. SMB is how Windows (and DOS and OS/2) share drives. These days Microsoft likes to call it the "Common Internet File System" instead...

Western Digital fixes critical bug giving root on My Cloud NAS devices
BleepingComputer • Sergiu Gatlan

Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices.
This flaw is an out-of-bounds heap read/write in the Samba vfs_fruit VFS module.
It can be exploited by unauthenticated threat actors in low complexity attacks targeting My Cloud devices running vulnerable firmware versions.
"This specific flaw exists within the parsing of extended attributes (EA...

Western Digital patches Samba bug giving root on My Cloud devices
BleepingComputer • Sergiu Gatlan

Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices.
This flaw is an out-of-bounds heap read/write in the Samba vfs_fruit VFS module.
It can be exploited by unauthenticated threat actors in low complexity attacks targeting My Cloud devices running vulnerable firmware versions.
"This specific flaw exists within the parsing of extended attributes (EA...