Samba Patches Critical Remote Code Execution Vulnerability – CVE-2021-44142

Share :

Background

On Monday, January 31, 2022, Samba released an advisory for remote code execution vulnerability CVE-2021-44142. All versions of Samba prior to 4.13.17 are vulnerable to CVE-2021-44142. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities. It was disclosed to Samba by security researcher Orange Tsai from security firm DEVCORE.

CVE ID

CVSS Score V3

CVSS Criticality

Type

Description

CVE-2021-44142

Initially 9.9 downgraded to 8.8 later

Initially, Critical downgraded to High

Out-of-bounds Write

& Out-of-bounds Read

Samba vfs_fruit module out-of-bounds heap read and write

Analysis

CVE-2021- 44142

This vulnerability has a CVSS score of 9.9 (later downgraded to 8.8) and is an out-of-bounds heap read/write vulnerability in Samba’s VFS module “vfs_fruit” that if successfully exploited, could allow remote attacks to execute arbitrary code with root privileges on the affected system.

Solutions and Recommendations

Arctic Wolf advises Samba administrators to upgrade to the most recent releases or apply the patch as soon as possible to mitigate any potential attacks exploiting the vulnerability. Although the 3 versions listed below are not vulnerable to code execution vulnerability, Arctic Wolf recommends upgrading to the most recent version supported within your environment.

Affected Samba Versions: All versions of Samba prior to 4.13.17 that are NOT 4.14.12 or 4.15.5 and use the VFS “fruit” module with default values for VFS objects in the smb.conf file.

Fixed Samba Versions:

References

Learn more about Arctic Wolf’s Managed Risk solution or request a demo today.

Adrian Korn

Adrian Korn

Adrian Korn is a seasoned cyber security professional with 7+ years' experience in cyber threat intelligence, threat detection, and security operations. He currently serves as the Manager of Threat Intelligence Research at Arctic Wolf Labs. Adrian has been a guest speaker on intelligence related topics at numerous conferences around the world, including DEF CON's Recon Village, Hackfest, and the Australian OSINT Symposium.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter