Security News > 2022 > February > New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root
2022-02-01 19:56

Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations.

Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module "Vfs fruit" that provides compatibility with Apple SMB clients.

Samba is a popular freeware implementation of the Server Message Block protocol that allows users to access files, printers, and other commonly shared resources over a network.

"All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs fruit," the maintainers said in an advisory published on January 31.

CVE-2022-0336 - Samba AD users with permission to write to an account can impersonate arbitrary services.

Samba administrators are recommended to upgrade to these releases or apply the patch as soon as possible to mitigate the defect and thwart any potential attacks exploiting the vulnerability.


News URL

https://thehackernews.com/2022/01/new-samba-bug-allows-remote-attackers.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-29 CVE-2022-0336 Incorrect Default Permissions vulnerability in multiple products
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database.
network
low complexity
samba fedoraproject CWE-276
8.8
2022-02-21 CVE-2021-44142 Out-of-bounds Write vulnerability in multiple products
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes.
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Samba 5 2 74 48 9 133