Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2021-44142

Published: 21/02/2022 Updated: 07/11/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Samba

Vulnerability Summary

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue. Patches addressing both these issues have been posted to: www.samba.org/samba/security/

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

samba samba

debian debian linux 10.0

debian debian linux 11.0

canonical ubuntu linux 18.04

canonical ubuntu linux 14.04

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

canonical ubuntu linux 21.10

synology diskstation manager

fedoraproject fedora 34

fedoraproject fedora 35

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux for scientific computing 7.0

redhat enterprise linux 7.0

redhat enterprise linux server 7.0

redhat enterprise linux resilient storage 7.0

redhat enterprise linux for power little endian 7.0

redhat enterprise linux for power big endian 7.0

redhat enterprise linux for ibm z systems 7.0

redhat virtualization host 4.0

redhat enterprise linux 8.0

redhat enterprise linux eus 8.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

redhat gluster storage 3.5

redhat enterprise linux server 8.1

redhat enterprise linux server tus 8.4

redhat enterprise linux eus 8.4

redhat enterprise linux server aus 8.4

redhat enterprise linux server update services for sap solutions 8.2

redhat enterprise linux server update services for sap solutions 8.4

redhat enterprise linux server update services for sap solutions 8.1

redhat enterprise linux for power little endian eus 8.2

redhat enterprise linux for ibm z systems eus 8.2

redhat enterprise linux for power little endian 8.0

redhat enterprise linux for ibm z systems eus 8.4

redhat enterprise linux for ibm z systems 8.0

redhat enterprise linux for power little endian eus 8.4

redhat codeready linux builder -

Vendor Advisories

Debian CVElist Bug Report Logs: samba: CVE-2021-44142
Debian Bug report logs - #1004693 samba: CVE-2021-44142 Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 31 Jan 2022 20:03:06 UTC Severity: grave Tags: security, upstream Found in versi ...
Debian Security Advisories: DSA-5071-1 samba -- security update
Several vulnerabilities were discovered in Samba, a SMB/CIFS file, print, and login server for Unix CVE-2021-44142 Orange Tsai reported an out-of-bounds heap write vulnerability in the VFS module vfs_fruit, which could result in remote execution of arbitrary code as root CVE-2022-0336 Kees van Vloten reported that Samba AD users ...
Ubuntu Security Notice: USN-5260-2: Samba vulnerability
Samba could be made to crash or run programs as an administrator if it received specially crafted network traffic ...
Ubuntu Security Notice: USN-5260-1: Samba vulnerabilities
Several security issues were fixed in Samba ...
Ubuntu Security Notice: USN-5260-3: Samba vulnerability
Samba could be made to crash when handled certain memory operations ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Security has ...
Red Hat: Critical: samba security and bug fix update
Synopsis Critical: samba security and bug fix update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as hav ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Gluster Storage 35 for Red Hat Enterprise Linux 8Red Hat Product Security has rate ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 76 Advanced Update Support, Red Hat Enterprise Linux 76 Telco Ext ...
Red Hat: Critical: samba security and bug fix update
Synopsis Critical: samba security and bug fix update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as hav ...
Red Hat: Critical: samba security and bug fix update
Synopsis Critical: samba security and bug fix update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security ha ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 77 Advanced Update Support, Red Hat Enterprise Linux 77 Telco Ext ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Gluster Storage 35 for Red Hat Enterprise Linux 7Red Hat Product Security has rate ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security has rated this ...
Amazon Linux AMI: ALAS-2022-1564
A flaw was found in the way samba implemented SMB1 authentication An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required (CVE-2016-2124) A flaw was found in the way Samba maps domain users to local users An authenticated attacker could use this flaw to cause possible pri ...
Amazon Linux 2: ALAS2-2022-1746
Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) ...
Arch Linux Issues:
All versions of Samba prior to 41317 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit ...
Amazon Linux 2022: ALAS2022-2022-022
A flaw was found in the way samba implemented SMB1 authentication An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required (CVE-2016-2124) A flaw was found in the way Samba maps domain users to local users An authenticated attacker could use this flaw to cause possible pri ...
Amazon Linux 2022: ALAS-2022-224
ALAS-2022-224 Amazon Linux 2022 Security Advisory: ALAS-2022-224 Advisory Release Date: 2022-12-06 16:42 Pacific ...

Github Repositories

https://github.com/gudyrmik/CVE-2021-44142

CVE-2021-44142 Storytale

https://github.com/hrsman/Samba-CVE-2021-44142

CVE-2021-44142 Vulnerability Checker A tool to check if a Samba server is vulnerable to CVE-2021-44142 Background CVE-2021-44142 is a heap out-of-bounds read and write in Samba's vfs_fruit module used at Pwn2Own Austin 2021 against the Western Digital PR4100 It was first discovered by Nguyễn Hoàng Thạch and Billy Jheng Bing-Jhong of STAR Labs Orange Tsai of DE

https://github.com/horizon3ai/CVE-2021-44142

CVE-2021-44142 Vulnerability Checker A tool to check if a Samba server is vulnerable to CVE-2021-44142 Background CVE-2021-44142 is a heap out-of-bounds read and write in Samba's vfs_fruit module used at Pwn2Own Austin 2021 against the Western Digital PR4100 It was first discovered by Nguyễn Hoàng Thạch and Billy Jheng Bing-Jhong of STAR Labs Orange Tsai of DE

Recent Articles

Remote code execution vulnerability in Samba due to macOS interop module
The Register • Liam Proven in Prague • 01 Jan 1970

Get our weekly newsletter Patch now

An exploit in Samba 4 allowed remote code as root due to a bug in its support for Mac clients. It's fixed in 4.13.17, 4.14.12 and 4.15.5, and in case you can't update, there are patches. The vuln is being tracked as CVE-2021-44142 and received a CVSS rating of 9.9. Samba is a FOSS implementation of Microsoft's Server Message Block (SMB) network protocol. SMB is how Windows (and DOS and OS/2) share drives. These days Microsoft likes to call it the "Common Internet File System" instead, or CIFS [P...

Read more...

References

CWE-125CWE-787https://www.samba.org/samba/security/CVE-2021-44142.htmlhttps://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austinhttps://kb.cert.org/vuls/id/119678https://bugzilla.samba.org/show_bug.cgi?id=14914https://security.gentoo.org/glsa/202309-06https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004693https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5260-2https://www.samba.org/samba/security/CVE-2021-44142.htmlhttps://www.zerodayinitiative.com/advisories/ZDI-22-246/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook