PT-2022-1452 · Samba+10 · Samba+10
Billy Jheng Bing-Jhong
+5
·
Published
2021-12-13
·
Updated
2026-03-10
·
CVE-2021-44142
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Samba versions prior to 4.13.17
Samba versions prior to 4.14.12
Samba versions prior to 4.15.5
Description
The Samba vfs fruit module uses extended file attributes to provide enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. The vulnerability is related to an out-of-bounds heap read and write via specially crafted extended file attributes. The affected module is used for enhanced compatibility with Apple SMB clients and Netatalk 3 AFP file servers.
Recommendations
For Samba versions prior to 4.13.17, update to version 4.13.17 or apply the corresponding patches.
For Samba versions prior to 4.14.12, update to version 4.14.12 or apply the corresponding patches.
For Samba versions prior to 4.15.5, update to version 4.15.5 or apply the corresponding patches.
As a temporary workaround, consider restricting access to the vulnerable vfs fruit module to minimize the risk of exploitation.
Exploit
Fix
DoS
Out of bounds Read
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Samba
Suse
Ubuntu