
CVE-2021-44142

Description

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.


Affected Software


| CPE Name | Name | Version |
|---|---|---|
| samba:samba | samba | 4.13.17 |
| samba:samba | samba | 4.14.12 |
| samba:samba | samba | 4.15.5 |
| debian:debian_linux | debian debian linux | 10.0 |
| debian:debian_linux | debian debian linux | 11.0 |
| canonical:ubuntu_linux | canonical ubuntu linux | 14.04 |
| canonical:ubuntu_linux | canonical ubuntu linux | 16.04 |
| canonical:ubuntu_linux | canonical ubuntu linux | 18.04 |
| canonical:ubuntu_linux | canonical ubuntu linux | 20.04 |
| canonical:ubuntu_linux | canonical ubuntu linux | 21.10 |
| synology:diskstation_manager | synology diskstation manager | 6.2.4-25556.4 |
| fedoraproject:fedora | fedoraproject fedora | 34 |
| fedoraproject:fedora | fedoraproject fedora | 35 |
| redhat:codeready_linux_builder | redhat codeready linux builder | - |
| redhat:gluster_storage | redhat gluster storage | 3.5 |
| redhat:virtualization_host | redhat virtualization host | 4.0 |
| redhat:enterprise_linux | redhat enterprise linux | 7.0 |
| redhat:enterprise_linux | redhat enterprise linux | 8.0 |
| redhat:enterprise_linux_desktop | redhat enterprise linux desktop | 7.0 |
| redhat:enterprise_linux_eus | redhat enterprise linux eus | 8.2 |
| redhat:enterprise_linux_eus | redhat enterprise linux eus | 8.4 |
| redhat:enterprise_linux_for_ibm_z_systems | redhat enterprise linux for ibm z systems | 7.0 |
| redhat:enterprise_linux_for_ibm_z_systems | redhat enterprise linux for ibm z systems | 8.0 |
| redhat:enterprise_linux_for_ibm_z_systems_eus | redhat enterprise linux for ibm z systems eus | 8.2 |
| redhat:enterprise_linux_for_ibm_z_systems_eus | redhat enterprise linux for ibm z systems eus | 8.4 |
| redhat:enterprise_linux_for_power_big_endian | redhat enterprise linux for power big endian | 7.0 |
| redhat:enterprise_linux_for_power_little_endian | redhat enterprise linux for power little endian | 7.0 |
| redhat:enterprise_linux_for_power_little_endian | redhat enterprise linux for power little endian | 8.0 |
| redhat:enterprise_linux_for_power_little_endian_eus | redhat enterprise linux for power little endian eus | 8.2 |
| redhat:enterprise_linux_for_power_little_endian_eus | redhat enterprise linux for power little endian eus | 8.4 |
| redhat:enterprise_linux_for_scientific_computing | redhat enterprise linux for scientific computing | 7.0 |
| redhat:enterprise_linux_resilient_storage | redhat enterprise linux resilient storage | 7.0 |
| redhat:enterprise_linux_server | redhat enterprise linux server | 7.0 |
| redhat:enterprise_linux_server | redhat enterprise linux server | 8.1 |
| redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 8.2 |
| redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 8.4 |
| redhat:enterprise_linux_server_tus | redhat enterprise linux server tus | 8.2 |
| redhat:enterprise_linux_server_tus | redhat enterprise linux server tus | 8.4 |
| redhat:enterprise_linux_server_update_services_for_sap_solutions | redhat enterprise linux server update services for sap solutions | 8.1 |
| redhat:enterprise_linux_server_update_services_for_sap_solutions | redhat enterprise linux server update services for sap solutions | 8.2 |
| redhat:enterprise_linux_server_update_services_for_sap_solutions | redhat enterprise linux server update services for sap solutions | 8.4 |
| redhat:enterprise_linux_workstation | redhat enterprise linux workstation | 7.0 |

Related