Vulnerability in Samba Might Allow Remote Attackers to Run Code as Root

Vulnerability in Samba Might Allow Remote Attackers to Run Code as Root

Samba has patched a severe severity vulnerability that might allow attackers to obtain root rights on servers running vulnerable software and execute malware remotely. Samba is a re-execution of the SMB networking protocol that provides file sharing and printing services across various platforms, allowing Linux, Windows, and macOS users to exchange data across a network.

The weakness, which has been given the number CVE-2021-44142 and was discovered by DEVCORE’s Orange Tsai, is an out-of-bounds heap read/write in the vfs_fruit VFS module when parsing EA information when opening files in smbd.

“The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file,” Samba explained in a security advisory. “If both options are set to different settings than the default values, the system is not affected by the security issue.”

The exploited vfs_fruit module was created to improve compatibility with Apple SMB clients and Netatalk 3 AFP fileservers. Red Hat, SUSE Linux, and Ubuntu are among the systems affected by this vulnerability, as per the CERT Coordination Center (CERT/CC).

If targeted servers run any Samba installations older than version 4.13.17, the release that patches this fault, attackers can exploit the weakness in low-complexity attacks without needing user intervention. While attacks on default setups are possible, threat actors who wish to exploit this flaw would need write access to a file’s extended attributes.

“Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes,” the Samba Team added

Administrators should install the 4.13.17, 4.14.12, and 4.15.5 releases published today or apply the corresponding patches to correct the security defect. Samba also offers a solution for administrators who can’t install the newest versions right away, which requires them to delete ‘fruit’ from their Samba configuration files’ vfs objects’ lines.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.

Share: