Summary:
On February 1, 2022, proof-of-concept exploit code was published for a critical Samba remote code execution vulnerability (CVE-2021-44142). Samba is used for file and print services in Windows, macOS, and Linux operating systems. It is also used to integrate Linux in Active Directory (AD) environments and can function as a domain controller. The vulnerability impacts all Samba versions prior to 4.13.17 and affects Red Hat, SUSE Linux, and Ubuntu Linux distributions.
The vulnerability is in the vfs_fruit virtual file system (VFS) module, which provides interoperability between Samba and the Netatalk AppleShare file server implementation. Any user with write access, including guest and unauthenticated users, could exploit this vulnerability to execute code with root privileges.
Recommended action(s):
Samba addressed this issue on January 31. Customers should review and apply updates as appropriate in their environments. Samba also published a workaround that involves removing the impacted VFS module from the smb.conf configuration file but warns that this action may impact file availability on macOS systems.
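As an added example (not part of this advisory), the following POSIX shell audit applies the two facts above to a host: whether the installed version predates the fixed release and whether smb.conf still loads the vfs_fruit module. The fixed releases for the 4.14 and 4.15 branches and the `testparm`/`smbd` commands come from Samba's own release notes and tools, not from this advisory.

```shell
# Added example, not part of the advisory: audit a Samba host for
# CVE-2021-44142 exposure using the two facts the advisory gives, the fixed
# version and the vfs_fruit workaround in smb.conf. Requires GNU sort -V.

# Return 0 (true) when smb.conf text on stdin loads the fruit module in any
# share: strip '#'/';' comment lines, keep "vfs objects = ..." lines, split
# the value on whitespace and look for a standalone "fruit" token.
smbconf_loads_fruit() {
    sed -e 's/[#;].*$//' \
      | grep -iE '^[[:space:]]*vfs[[:space:]]*objects[[:space:]]*=' \
      | sed -e 's/^[^=]*=//' \
      | tr ' \t' '\n\n' \
      | grep -qix 'fruit'
}

# Return 0 when upstream version $1 predates the fix for its own x.y branch.
# Fixed releases: 4.13.17 (the one named in the advisory) plus 4.14.12 and
# 4.15.5 from Samba's 31 Jan 2022 release; branches before 4.13 got no fix.
# Distro packages may backport the fix under an older version string, so a
# "vulnerable" result means "check the vendor advisory", not "exploitable".
samba_version_vulnerable() {
    v=$1; branch=${v%.*}
    case $branch in
        4.13) fixed=4.13.17 ;;
        4.14) fixed=4.14.12 ;;
        4.15) fixed=4.15.5 ;;
        *)  # unsupported older branch -> vulnerable; 4.16+ shipped fixed
            [ "$(printf '%s\n4.13\n' "$branch" | sort -V | head -n1)" = "$branch" ]
            return ;;
    esac
    [ "$v" = "$fixed" ] && return 1
    [ "$(printf '%s\n%s\n' "$v" "$fixed" | sort -V | head -n1)" = "$v" ]
}

# Demo on a constructed smb.conf (not a real host's configuration).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[global]
   workgroup = WORKGROUP
[timemachine]
   path = /srv/tm
   vfs objects = catia fruit streams_xattr
EOF
smbconf_loads_fruit < "$demo_conf" && echo "demo conf: vfs_fruit loaded"
rm -f "$demo_conf"
samba_version_vulnerable 4.13.9 && echo "4.13.9: predates the fix"
# On a real host, test the effective config as testparm resolves it:
#   testparm -s 2>/dev/null | smbconf_loads_fruit && echo "vfs_fruit loaded"
#   samba_version_vulnerable "$(smbd -V | awk '{print $2}')" && echo "update"
```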
Questions:
If you have any questions or concerns about this advisory, please contact us or submit a ticket via our support desk – support@empsn.org.uk
Reference(s):
- Samba – Security Announcement Archive
- 14914 – (CVE-2021-44142) CVE-2021-44142 [SECURITY] Out-of-Bound Read/Write on Samba vfs_fruit module
- Samba Releases Security Updates | CISA
- New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root (thehackernews.com)
- Samba bug may allow code execution as root on Linux machines, NAS devices (CVE-2021-44142) – Help Net Security
- Zero Day Initiative – CVE-2021-44142: Details on a Samba Code Execution Bug Demonstrated at Pwn2Own Austin
- VU#119678 – Samba vfs_fruit module insecurely handles extended file attributes (cert.org)