Samba Vulnerability Can Trigger RCE and Complete Root User Access

A critical Samba vulnerability has been identified. If successfully exploited by threat actors, this could trigger remote code execution with root privileges on servers. Samba is an open-source implementation of SMB/CIFS that allows you to share files, printers, and other resources between Linux-based hosts and Windows-based hosts.

More Details on the Samba Vulnerability

The Samba vulnerability under discussion has been assigned CVE-2021-44142 and represents a flaw located in the VFS module which is named “vfs_fruit.” The flaw has been given a rating of 9.9 out of 10 on the CVSS scale.

The company released on Monday an advisory saying that

The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. (…) The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue.

Source

As mentioned before, hackers

Read More: https://heimdalsecurity.com/blog/samba-vulnerability-in-the-vfs-module-can-trigger-rce-and-full-root-user-access/