Samba ‘Fruit’ Bug Allows RCE, Full Root User Access

The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages.

A critical severity vulnerability in the Samba platform could allow attackers to gain remote code execution with root privileges on servers.

Samba is an interoperability suite that allows Windows and Linus/Unix-based hosts to work together and share file and print services with multiplatform devices on a common network, including SMB file-sharing. Gaining the ability to execute remote code as a root user means that an attacker would be able to read, modify or delete any files on the system, enumerate users, install malware (such as cryptominers or ransomware) and pivot to further into a corporate network.

The bug (CVE-2021-44142) specifically is an out-of-bounds heap read/write vulnerability in the VFS module called “vfs_fruit.” It affects all versions of Samba prior to v.4.13.17, and carries a rating of 9.9 out of 10 on the CVSS security-vulnerability severity scale. Additionally, some Samba-supporting Red Hat, SUSE Linux and Ubuntu packages are also affected.

‘Fruits’ of an Attacker’s Labor

The “fruit” module is used to provide “enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver,” through the use of extended

Read More: