Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2021-44142

Published: 21/02/2022 Updated: 23/02/2022
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Samba

Vulnerability Summary

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue. Patches addressing both these issues have been posted to: www.samba.org/samba/security/

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

samba samba

debian debian linux 10.0

debian debian linux 11.0

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 21.10

synology diskstation manager

fedoraproject fedora 34

fedoraproject fedora 35

redhat codeready linux builder -

redhat gluster storage 3.5

redhat virtualization host 4.0

redhat enterprise linux 7.0

redhat enterprise linux 8.0

redhat enterprise linux desktop 7.0

redhat enterprise linux eus 8.2

redhat enterprise linux eus 8.4

redhat enterprise linux for ibm z systems 7.0

redhat enterprise linux for ibm z systems 8.0

redhat enterprise linux for ibm z systems eus 8.2

redhat enterprise linux for ibm z systems eus 8.4

redhat enterprise linux for power big endian 7.0

redhat enterprise linux for power little endian 7.0

redhat enterprise linux for power little endian 8.0

redhat enterprise linux for power little endian eus 8.2

redhat enterprise linux for power little endian eus 8.4

redhat enterprise linux for scientific computing 7.0

redhat enterprise linux resilient storage 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server 8.1

redhat enterprise linux server aus 8.2

redhat enterprise linux server aus 8.4

redhat enterprise linux server tus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux server update services for sap solutions 8.1

redhat enterprise linux server update services for sap solutions 8.2

redhat enterprise linux server update services for sap solutions 8.4

redhat enterprise linux workstation 7.0

Vendor Advisories

Ubuntu Security Notice: USN-5260-2: Samba vulnerability
Samba could be made to crash or run programs as an administrator if it received specially crafted network traffic ...
Red Hat: Critical: samba security and bug fix update
Synopsis Critical: samba security and bug fix update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as hav ...
Ubuntu Security Notice: USN-5260-3: Samba vulnerability
Samba could be made to crash when handled certain memory operations ...
Red Hat: Critical: samba security and bug fix update
Synopsis Critical: samba security and bug fix update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security ha ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Security has ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Gluster Storage 35 for Red Hat Enterprise Linux 7Red Hat Product Security has rate ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 77 Advanced Update Support, Red Hat Enterprise Linux 77 Telco Ext ...
Red Hat: Critical: samba security and bug fix update
Synopsis Critical: samba security and bug fix update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as hav ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Gluster Storage 35 for Red Hat Enterprise Linux 8Red Hat Product Security has rate ...
Red Hat: Critical: samba security update
Synopsis Critical: samba security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 76 Advanced Update Support, Red Hat Enterprise Linux 76 Telco Ext ...
Debian CVElist Bug Report Logs: samba: CVE-2021-44142
Debian Bug report logs - #1004693 samba: CVE-2021-44142 Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 31 Jan 2022 20:03:06 UTC Severity: grave Tags: security, upstream Found in versi ...
Ubuntu Security Notice: USN-5260-1: Samba vulnerabilities
Several security issues were fixed in Samba ...
Debian Security Advisories: DSA-5071-1 samba -- security update
Several vulnerabilities were discovered in Samba, a SMB/CIFS file, print, and login server for Unix CVE-2021-44142 Orange Tsai reported an out-of-bounds heap write vulnerability in the VFS module vfs_fruit, which could result in remote execution of arbitrary code as root CVE-2022-0336 Kees van Vloten reported that Samba AD users ...
Amazon Linux 2: ALAS2-2022-1746
Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) ...
Arch Linux Issues:
All versions of Samba prior to 41317 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit ...
Amazon Linux AMI: ALAS-2022-1564
A flaw was found in the way samba implemented SMB1 authentication An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required (CVE-2016-2124) A flaw was found in the way Samba maps domain users to local users An authenticated attacker could use this flaw to cause possible pri ...
Amazon Linux 2022: ALAS-2022-224
ALAS-2022-224 Amazon Linux 2022 Security Advisory: ALAS-2022-224 Advisory Release Date: 2022-12-06 16:42 Pacific ...
Amazon Linux 2022: ALAS2022-2022-022
A flaw was found in the way samba implemented SMB1 authentication An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required (CVE-2016-2124) A flaw was found in the way Samba maps domain users to local users An authenticated attacker could use this flaw to cause possible pri ...

Mailing Lists

Full Disclosure: Samba 4.15.5, 4.14.12, 4.13.17 Security Releases
CVE-2021-44142 is particularly nasty, "This vulnerability allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit" ----- Forwarded message from Jule Anger via samba-announce <samba-announce () lists samba org> ----- Return-Path: <samba-announce-bounces () lists samba or ...

Github Repositories

CVE-2021-44142

CVE-2021-44142 Vulnerability Checker A tool to check if a Samba server is vulnerable to CVE-2021-44142 Background CVE-2021-44142 is a heap out-of-bounds read and write in Samba's vfs_fruit module used at Pwn2Own Austin 2021 against the Western Digital PR4100 This work is based off a blog post by 0xsha at 0xshaio/blog/a-samba-horror-story-cve-2021-44142 This tool

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

Recent Articles

Samba ‘Fruit’ Bug Allows RCE, Full Root User Access
Threatpost • Tara Seals • 01 Feb 2022

A critical severity vulnerability in the Samba platform could allow attackers to gain remote code execution with root privileges on servers.
Samba is an interoperability suite that allows Windows and Linus/Unix-based hosts to work together and share file and print services with multi-platform devices on a common network, including SMB file-sharing. Gaining the ability to execute remote code as a root user means that an attacker would be able to read, modify or delete any files on the syste...

Read more...
Remote code execution vulnerability in Samba due to macOS interop module
The Register • Liam Proven in Prague • 01 Jan 1970

Get our weekly newsletter Patch now

An exploit in Samba 4 allowed remote code as root due to a bug in its support for Mac clients. It's fixed in 4.13.17, 4.14.12 and 4.15.5, and in case you can't update, there are patches.
The vuln is being tracked as CVE-2021-44142 and received a CVSS rating of 9.9.
Samba is a FOSS implementation of Microsoft's Server Message Block (SMB) network protocol. SMB is how Windows (and DOS and OS/2) share drives. These days Microsoft likes to call it the "Common Internet File System" instead...

Read more...
Western Digital fixes critical bug giving root on My Cloud NAS devices
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices.
This flaw is an out-of-bounds heap read/write (
) in the Samba vfs_fruit VFS module.
It can be exploited by unauthenticated threat actors in low complexity attacks targeting My Cloud devices running vulnerable firmware versions.
"This specific flaw exists within the parsing of extended attributes (EA...

Read more...
Western Digital patches Samba bug giving root on My Cloud devices
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices.
This flaw is an out-of-bounds heap read/write (
) in the Samba vfs_fruit VFS module.
It can be exploited by unauthenticated threat actors in low complexity attacks targeting My Cloud devices running vulnerable firmware versions.
"This specific flaw exists within the parsing of extended attributes (EA...

Read more...

References

CWE-125CWE-787https://www.samba.org/samba/security/CVE-2021-44142.htmlhttps://kb.cert.org/vuls/id/119678https://bugzilla.samba.org/show_bug.cgi?id=14914https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austinhttps://github.com/horizon3ai/CVE-2021-44142https://ubuntu.com/security/notices/USN-5260-2https://nvd.nist.govhttps://www.samba.org/samba/security/CVE-2021-44142.htmlhttps://www.zerodayinitiative.com/advisories/ZDI-22-244/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
elevation of privilegeCVE-2022-42331CVE-2023-24709CVE-2023-27569open redirectinjectionCVE-2023-27087
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook