Background
On Monday, January 31, 2022, Samba released an advisory for the remote code execution vulnerability CVE-2021-44142. All versions of Samba prior to 4.13.17 are vulnerable to CVE-2021-44142. The vulnerability was disclosed as part of the Pwn2Own Austin competition, where researchers are challenged to exploit widely-used software and devices with previously unknown vulnerabilities. It was reported to Samba by security researcher Orange Tsai of the security firm DEVCORE.
| CVE ID | CVSS Score V3 | CVSS Criticality | Type | Description |
|---|---|---|---|---|
| CVE-2021-44142 | Initially 9.9, later downgraded to 8.8 | Initially Critical, later downgraded to High | Out-of-bounds Write & Out-of-bounds Read | Samba vfs_fruit module out-of-bounds heap read and write |
Analysis
CVE-2021-44142
This vulnerability has a CVSS score of 9.9 (later downgraded to 8.8). It is an out-of-bounds heap read/write vulnerability in Samba’s VFS module “vfs_fruit” that, if successfully exploited, could allow a remote attacker to execute arbitrary code with root privileges on the affected system.
Solutions and Recommendations
Arctic Wolf advises Samba administrators to upgrade to the most recent releases or apply the patch as soon as possible to mitigate potential attacks exploiting this vulnerability. Although the 3 versions listed below are not vulnerable to the code execution vulnerability, Arctic Wolf recommends upgrading to the most recent version supported within your environment.
Affected Samba Versions: All versions of Samba prior to 4.13.17 that are NOT 4.14.12 or 4.15.5 and use the VFS “fruit” module with default values for VFS objects in the smb.conf file.
Fixed Samba Versions:
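As an added example, not code from the advisory or from the Samba project, the following Python script checks the two conditions the affected-versions statement above ties together: whether the running release predates the fixed releases it names, and which shares in smb.conf end up loading the fruit VFS module. The version string and configuration are constructed samples; on a real host they would come from `smbd --version` and `testparm -s`, and treating later point releases and branches newer than 4.15 as fixed is an assumption.

```python
import re

# Lowest fixed release per branch (4.13.17, 4.14.12, 4.15.5 per the advisory); assumption:
# later point releases and branches newer than 4.15 inherit the fix.
FIXED = {(4, 13): (4, 13, 17), (4, 14): (4, 14, 12), (4, 15): (4, 15, 5)}

def parse_version(text):
    """Pull (major, minor, patch) out of `smbd --version` output such as 'Version 4.13.14-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version in {text!r}")
    return tuple(int(x) for x in m.groups())

def version_is_vulnerable(ver):
    """True when ver predates the fixed release of its branch (or predates every fixed branch)."""
    fixed = FIXED.get(ver[:2])
    return ver < fixed if fixed else ver < (4, 13, 17)

def fruit_shares(smb_conf):
    """Return shares whose effective 'vfs objects' list loads fruit. A share-level 'vfs objects'
    replaces the [global] list, so a share with its own fruit-less list is not exposed."""
    section, settings = "global", {"global": {}}
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # smb.conf comment lines
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            settings.setdefault(section, {})
        elif "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            settings[section][key.lower().replace(" ", "")] = val  # keys are case- and space-insensitive
    default_vfs = settings["global"].get("vfsobjects", "")
    return [name for name, opts in settings.items() if name != "global"
            and "fruit" in opts.get("vfsobjects", default_vfs).lower().split()]

def assess(version_text, smb_conf):
    """Combine both checks: 'exposed' means unpatched AND at least one share loads fruit."""
    ver, shares = parse_version(version_text), fruit_shares(smb_conf)
    return {"version": ver, "fruit_shares": shares,
            "exposed": version_is_vulnerable(ver) and bool(shares)}

# Constructed sample input standing in for `smbd --version` and `testparm -s` output.
SAMPLE_VERSION = "Version 4.13.14-Ubuntu"
SAMPLE_CONF = """[global]
   vfs objects = catia fruit streams_xattr
[timemachine]
   path = /srv/timemachine
[homes]
   vfs objects = recycle
"""
```

Because `[homes]` overrides the global `vfs objects` list without `fruit`, only `timemachine` is reported, which matches how Samba resolves a share-level setting over the global one.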