Skip to content

Critical Vulnerability Alert in Samba – CVE-2021-44142

  • Resources
  • News
  • Critical Vulnerability Alert in Samba – CVE-2021-44142

We would like to bring your attention to the following Critical vulnerability we have recently become aware of.

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. To exploit this vulnerability a user that has write access to a file’s extended attributes is required, this user could be a guest or unauthenticated user if these users were configured to allow write access to file extended attributes.

Remediation

Patches have been released by samba.org to address this vulnerability and should be applied as soon as possible to mitigate any risk.

Patches can be found here:

The following mitigations are recommended to be applied if it is not possible to apply the samba patches immediately:

Remove the “fruit” VFS module from the list of configured VFS objects in any “vfs objects” line in the Samba configuration smb.conf.

Note that changing the VFS module settings fruit:metadata or fruit:resource to use the unaffected setting causes all stored information to be inaccessible and will make it appear to macOS clients as if the information is lost.

We are actively monitoring the situation.

References:

Close-up of a mechanical keyboard with red-lit keys, symbolizing offensive cybersecurity activity.

The Evolution of EDR Bypasses: A Historical Timeline

The relationship between Endpoint Detection and Response (EDR) solutions and bypass techniques represents one of cybersecurity’s most dynamic battlegrounds. They are a representation of Cybersecurity as…
Billy Giles, Head of Adversary Simulation at CovertSwarm North America, bringing over two decades of offensive cyber operations experience to strengthen constant cyber attack capabilities.

Billy Giles joins CovertSwarm as Head of Adversary Simulation for North America

CovertSwarm proudly welcomes Billy Giles as Head of Adversary Simulation for the North America region, strengthening our offensive cybersecurity capabilities and constant cyber attack subscription services.…
Retail breach

ANATOMY OF A BREACH: INSIDE THE MODERN RETAIL ATTACK

Retail breaches don’t start with ransomware. They start with people. From social engineering to persistent access, attackers exploit the unseen gaps in your defenses. Learn how…