Update now: Samba prior to 4.13.17 hit with remote root code execution bug

Samba has fixed a vulnerability in all versions of its software prior to version 4.13.17 that allowed for a remote actor to execute code as root, thanks to an out-of-bounds heap read write vulnerability.

“The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes is required to exploit this vulnerability,” Samba said in its security notice.

“Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.”

Discovered by Orange Tsai from Devcore and labelled as CVE-2021-44142, Samba said the vfs_fruit module that improves compatibility for OS X clients is vulnerable in its default configuration.

If the options fruit:metadata=netatalk or fruit:resource=file are set to something else, the vulnerability does not work, but doing so comes with a warning.

“Changing the VFS module settings fruit:metadata or fruit:resource to use the unaffected setting causes all stored information to be inaccessible and will make it appear to macOS clients as if the information is lost,” Samba said.

Therefore, Samba says the preferred workaround to patching is to remove fruit from the configuration.


Read More: https://www.zdnet.com/article/update-now-samba-prior-to-4-13-17-hit-with-remote-root-code-execution-bug/#ftag=RSSbaffb68