CVE-2021-44142

Name
CVE-2021-44142
Description
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mitigation https://www.samba.org/samba/security/CVE-2021-44142.html
Patch https://kb.cert.org/vuls/id/119678
Issue Tracking https://bugzilla.samba.org/show_bug.cgi?id=14914
Exploit https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= None < 4.13.17
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.14.0 < 4.14.12
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.15.0 < 4.15.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
samba 3.13-main 4.13.17-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
samba 3.12-main 4.12.15-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable