Samba bug can let remote attackers execute code as root

LASER_oneXM

Level 37
Thread author
Verified
Top poster
Well-known
Feb 4, 2016
2,507
Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software.
Samba is an SMB networking protocol re-implementation that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over a network.
The vulnerability, tracked as CVE-2021-44142 and reported by Orange Tsai of DEVCORE, is an out-of-bounds heap read/write present in the vfs_fruit VFS module when parsing EA metadata when opening files in smbd.

How to fix the problem​

Attackers can exploit the flaw in low complexity attacks without requiring user interaction if the targeted servers run any Samba installations before version 4.13.17, the release that addresses this bug.
While default configurations are exposed to attacks, threat actors that would want to target this vulnerability would need write access to a file's extended attributes.

"Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes," the Samba Team added.
Administrators are advised to install the 4.13.17, 4.14.12, and 4.15.5 releases published today or apply the corresponding patches to correct the security defect as soon as possible.

Samba also provides a workaround for admins who cannot immediately install the latest releases, which requires them to remove 'fruit' from 'vfs objects' lines in their Samba configuration files.