Samba is a reimplementation of the SMB network protocol that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over the network.
The vulnerability, tracked as CVE-2021-44142, is an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the vfs_fruit VFS module.
The problem in vfs_fruit lies in the default configuration of the fruit VFS module, which uses fruit:metadata = netatalk or fruit:resource = file. If both options are set to a value other than the default, the system is not affected by this security issue.
The vulnerable vfs_fruit module is designed to improve compatibility with Apple SMB clients and Netatalk 3 AFP file servers.
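As an added example (not code from Qualys or the Samba project), the checker below applies the configuration precondition described above to an smb.conf: it flags shares that load vfs_fruit while fruit:metadata or fruit:resource is at the affected value, treating an unset option as its default. The module defaults are assumed to be netatalk and file as stated above; the minimal parser and the sample configuration are constructed for this example.

```python
import re
# Module defaults for the two options the advisory names (assumed values).
DEFAULTS = {"fruit:metadata": "netatalk", "fruit:resource": "file"}

def parse_smb_conf(text):
    """Minimal smb.conf parser -> {section: {key: value}} with normalised keys."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # full-line comments only
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            # Samba parameter names are case- and whitespace-insensitive.
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip().lower()
    return conf

def vulnerable_shares(text):
    """Names of shares that load vfs_fruit with either option at the affected
    setting (unset counts as default); share parameters inherit from [global]."""
    conf = parse_smb_conf(text)
    common = conf.get("global", {})
    hits = []
    for name, opts in conf.items():
        if name == "global":
            continue
        eff = {**common, **opts}                  # share overrides global
        if "fruit" not in eff.get("vfsobjects", "").split():
            continue                              # vfs_fruit not loaded here
        metadata = eff.get("fruit:metadata", DEFAULTS["fruit:metadata"])
        resource = eff.get("fruit:resource", DEFAULTS["fruit:resource"])
        if metadata == "netatalk" or resource == "file":
            hits.append(name)
    return hits

# Constructed sample: [public] inherits vfs_fruit with both options at default.
SAMPLE_CONF = """\
[global]
   vfs objects = fruit streams_xattr
[timemachine]
   fruit:metadata = stream
   fruit:resource = xattr
[public]
[plain]
   vfs objects =
"""
```

Running vulnerable_shares(SAMPLE_CONF) reports only the public share: timemachine overrides both options and plain clears the module list.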
According to the CERT Coordination Center (CERT/CC), this vulnerability affects platforms including Red Hat, SUSE Linux, and Ubuntu.
Samba has released a security update for this critical-severity vulnerability, which could allow an attacker to perform remote code execution with root privileges on servers running vulnerable software.
Affected versions
All versions of Samba before 4.13.17 are affected by this vulnerability.
Mitigation
Customers are advised to update to Samba Version 4.13.17, 4.14.12, 4.15.5, or later to patch the vulnerability. For more information, please refer to the Samba Security Advisory.
Qualys Detection
Qualys customers can scan their devices with QID 38857 to detect vulnerable assets. We have also added OS-specific package-based detections to address the vulnerability.
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.
References
https://kb.cert.org/vuls/id/119678
https://www.samba.org/samba/security/CVE-2021-44142.html
https://thehackernews.com/2022/01/new-samba-bug-allows-remote-attackers.html
https://www.bleepingcomputer.com/news/security/samba-bug-can-let-remote-attackers-execute-code-as-root/