
CVE-2021-44142

Out-of-bounds heap read and write vulnerability in Samba's vfs_fruit module allows remote code execution as root.


Score: 8.8 (High)

  • Published Date: Feb 21, 2022
  • CISA KEV Date: No data
  • Industries Affected: 20

Threat Predictions

  • EPSS Score: 27.7
  • EPSS Percentile: 96%

Exploitability

  • Score: 2.8
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED

Impact

  • Score: 5.9
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

Overview

CVE-2021-44142 is a serious security flaw in Samba's vfs_fruit module that affects every Samba installation with this module enabled. The vulnerability stems from improper handling of extended file attributes (EA/xattr), which the module uses to improve compatibility with Apple SMB clients and Netatalk 3 AFP file servers. The issue is classified as both CWE-125 (Out-of-bounds Read) and CWE-787 (Out-of-bounds Write): an attacker can read from and write to heap memory outside the intended bounds, leading to information disclosure, memory corruption, and ultimately arbitrary code execution with root privileges. The vulnerability is particularly dangerous because it can be exploited remotely by any user who has permission to modify extended attributes on files in the Samba share.

Remediation

To remediate this vulnerability, system administrators should:

  1. Update Samba to a patched version:
     • Version 4.13.17 or later
     • Version 4.14.12 or later
     • Version 4.15.5 or later
  2. If immediate updating is not possible, consider one of these mitigations:
     • Disable the vfs_fruit module in your Samba configuration
     • Restrict write access to the Samba share to trusted users only
     • Use network segmentation to limit access to the Samba server
  3. After updating, restart the Samba service so the patch takes effect.
  4. Review system logs for any signs of exploitation attempts.
  5. Consider implementing additional security controls, such as file integrity monitoring, to detect unauthorized changes to system files.
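The two remediation checks an administrator would want to script from the list above, written here as an added example (this is not code from Armis or the Samba project): whether a Samba version string is at or beyond the fixed releases 4.13.17, 4.14.12 and 4.15.5, and whether a smb.conf text still loads vfs_fruit on any share. The sample configurations are constructed for the example. Two assumptions are built in: Samba branches older than 4.13 are reported as unpatched and 4.16 or newer as patched, since the page names only the three fixed point releases; and the config check only recognises the canonical `vfs objects` spelling of the parameter.

```shell
#!/bin/sh
# Added example (not Armis's or the Samba project's code): defender-side
# checks for the CVE-2021-44142 remediation steps.
# Assumptions: < 4.13 reported as unpatched, >= 4.16 as patched; only the
# canonical "vfs objects" parameter spelling is recognised.

# Exit 0 if the version is at or beyond 4.13.17 / 4.14.12 / 4.15.5.
# Accepts raw `smbd --version` output such as "Version 4.13.16-Ubuntu".
samba_is_patched() {
    v=$(printf '%s' "$1" | sed 's/^[^0-9]*//; s/[^0-9.].*$//')
    major=$(printf '%s' "$v" | cut -d. -f1);    major=${major:-0}
    minor=$(printf '%s' "$v" | cut -s -d. -f2); minor=${minor:-0}
    patch=$(printf '%s' "$v" | cut -s -d. -f3); patch=${patch:-0}
    if [ "$major" -gt 4 ]; then return 0; fi
    if [ "$major" -lt 4 ]; then return 1; fi
    case "$minor" in
        13) [ "$patch" -ge 17 ] && return 0 ;;
        14) [ "$patch" -ge 12 ] && return 0 ;;
        15) [ "$patch" -ge 5 ]  && return 0 ;;
        *)  [ "$minor" -gt 15 ] && return 0 ;;
    esac
    return 1
}

# Exit 0 if the smb.conf text on stdin has an active (uncommented)
# "vfs objects" line whose module list contains the word "fruit".
conf_loads_fruit() {
    grep -Eiq '^[[:space:]]*vfs objects[[:space:]]*=([^#]*[[:space:]])?fruit([[:space:]]|$)'
}

# Constructed sample configurations (not taken from any real host).
CONF_VULNERABLE='[global]
   workgroup = WORKGROUP
[macshare]
   path = /srv/mac
   vfs objects = catia fruit streams_xattr
'
CONF_MITIGATED='[global]
   workgroup = WORKGROUP
[macshare]
   path = /srv/mac
   # vfs objects = catia fruit streams_xattr
   vfs objects = catia streams_xattr
'

# One-line verdict for a version string and a config text.
report() {
    if samba_is_patched "$1"; then vs=patched; else vs=UNPATCHED; fi
    if printf '%s\n' "$2" | conf_loads_fruit; then
        fs="vfs_fruit loaded"
    else
        fs="vfs_fruit not loaded"
    fi
    printf 'Samba %s: %s, %s\n' "$1" "$vs" "$fs"
}

report "4.13.16-Ubuntu" "$CONF_VULNERABLE"
report "4.15.5"         "$CONF_VULNERABLE"
report "4.13.16-Ubuntu" "$CONF_MITIGATED"

# On a real host, feed the live version and configuration instead:
# command -v smbd >/dev/null && report "$(smbd --version)" "$(cat /etc/samba/smb.conf)"
```

Only the combination "unpatched version" plus "vfs_fruit loaded" is the exposed state; a host on an unpatched build with the module removed has applied the first mitigation from the list, and a patched host may keep the module enabled.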

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Medium:

  • Utilities
  • Retail Trade
  • Manufacturing
  • Educational Services
  • Finance and Insurance
  • Public Administration
  • Transportation and Warehousing
  • Health Care and Social Assistance
  • Professional, Scientific, and Technical Services

Low:

  • Mining
  • Information
  • Construction
  • Wholesale Trade
  • Real Estate Rental and Leasing
  • Accommodation and Food Services
  • Arts, Entertainment, and Recreation
  • Management of Companies and Enterprises
  • Agriculture, Forestry, Fishing and Hunting
  • Other Services (except Public Administration)
  • Administrative and Support and Waste Management and Remediation Services
