← back
CVE-2021-44142

CVE-2021-44142

CVSS 8.8 HIGHEPSS 74.0%CWE-125CWE-787
In short

Samba's vfs_fruit module has a vulnerability in how it handles special file attributes, allowing attackers with write access to read and write beyond memory boundaries. This can lead to arbitrary code execution with root privileges on affected systems.

Technical detail

The vfs_fruit module in Samba versions before 4.13.17, 4.14.12, and 4.15.5 improperly validates extended file attributes (xattr), enabling out-of-bounds heap read/write operations (CWE-125, CWE-787). An authenticated remote attacker with write access to xattr can craft malicious attributes to trigger heap buffer overflow, achieving arbitrary code execution in the smbd process context.

Summary generated and translated by AI from the official description.
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Samba · Samba

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.samba.org/show_bug.cgi?id=14914https://kb.cert.org/vuls/id/119678https://security.gentoo.org/glsa/202309-06https://www.kb.cert.org/vuls/id/119678https://www.samba.org/samba/security/CVE-2021-44142.htmlhttps://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin