Samba bug can let remote attackers execute code as root


Level 37
Thread author
Top Poster
Feb 4, 2016
Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software.
Samba is an SMB networking protocol re-implementation that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over a network.
The vulnerability, tracked as CVE-2021-44142 and reported by Orange Tsai of DEVCORE, is an out-of-bounds heap read/write present in the vfs_fruit VFS module when parsing EA metadata when opening files in smbd.

How to fix the problem​

Attackers can exploit the flaw in low complexity attacks without requiring user interaction if the targeted servers run any Samba installations before version 4.13.17, the release that addresses this bug.
While default configurations are exposed to attacks, threat actors that would want to target this vulnerability would need write access to a file's extended attributes.

"Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes," the Samba Team added.
Administrators are advised to install the 4.13.17, 4.14.12, and 4.15.5 releases published today or apply the corresponding patches to correct the security defect as soon as possible.

Samba also provides a workaround for admins who cannot immediately install the latest releases, which requires them to remove 'fruit' from 'vfs objects' lines in their Samba configuration files.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.