Samba fixed CVE-2021-44142 remote code execution flaw

Samba fixes a critical flaw, tracked as CVE-2021-44142, that can allow remote attackers to execute code with root privileges.

Samba has addressed a critical vulnerability, tracked as CVE-2021-44142, that can be exploited by remote attackers to gain code execution with root privileges on servers running vulnerable software.

Samba is a free software re-implementation of the SMB networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. Samba runs on most Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple’s macOS Server, and macOS client (Mac OS X 10.2 and greater).

The CVE-2021-44142 vulnerability is an out-of-bounds heap read/write that impacts the vfs_fruit VFS module when parsing EA metadata when opening files in smbd.

This VFS module is part of the samba suite and provides enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.

“The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.” reads the security advisory for this flaw. “The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue.” The flaw affects all versions of Samba prior to 4.13.17

The flaw affects all versions of Samba prior to 4.13.17, an attacker can trigger this vulnerability without user interaction. The vulnerability was reported by the security researcher Orange Tsai from DEVCORE.

Administrators can address the flaw by installing the 4.13.17, 4.14.12, and 4.15.5 releases or applying the security patches released by Samba

Samba also provides a workaround that consists in removing ‘fruit’ from ‘vfs objects’ lines in the Samba configuration files.

“As a workaround remove the “fruit” VFS module from the list of configured VFS objects in any “vfs objects” line in the Samba configuration smb.conf. Note that changing the VFS module settings.” “fruit:metadata or fruit:resource to use the unaffected setting causes all stored information to be inaccessible and will make it appear to macOS clients as if the information is lost.” concludes the advisory

The US CERT Coordination Center (CERT/CC) published a list of vendors impacted by the CVE-2021-44142 bug.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Samba)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.