03/02/2022

Proof-of-concept exploit available for critical Samba vulnerability (CVE-2021-44142)

Summary:

On February 1, 2022, proof-of-concept exploit code was published for a critical Samba remote code execution vulnerability (CVE-2021-44142). Samba is used for file and print services in Windows, macOS, and Linux operating systems. It is also used to integrate Linux in Active Directory (AD) environments and can function as a domain controller. The vulnerability impacts all Samba versions prior to 4.13.17 and affects Red Hat, SUSE Linux, and Ubuntu Linux distributions.

The vulnerability is in the vfs_fruit virtual file system (VFS) module, which provides interoperability between Samba and the Netatalk AppleShare file server implementation. Any user with write access, including guest and unauthenticated users, could exploit this vulnerability to execute code with root privileges.

Recommended action(s):

Samba addressed this issue on January 31. Customers should review and apply updates as appropriate in their environments. Samba also published a workaround that involves removing the impacted VFS module from the smb.conf configuration file but warns that this action may impact file availability on macOS systems.

Questions:

If you have any questions or concerns about this advisory, please contact or submit a ticket via our support desk – support@empsn.org.uk

Reference(s):

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

    Our partners