Samba developers have patched a vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.
Samba is a free software re-implementation of the SMB networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain.
The vfs_fruit module provides enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Netatalk is a freely-available Open Source AFP fileserver. A UNIX, Linux or BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server (AFP).
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The vulnerability in Samba that received a CVSS score of 9.9 out of 10 has been assigned CVE-2021-44142.
The vulnerability is described as an out-of-bounds heap read/write vulnerability. The heap is the name for the part of the system's memory that is allocated for the use of programs. If a flaw in a program allows it to read or write outside of the bounds set for the program, it is possible to manipulate other parts of the memory which are allocated to more critical functions. This can allow an attacker to write code to a part of the memory where it will be executed with permissions that the program and user should not have. In this case the code runs as root, which is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system.
The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue.
The patch for this vulnerability was included in a security update that also patches some other issues:
Samba administrators should upgrade to these releases or apply the patch as soon as possible to mitigate the defect and thwart any potential attacks exploiting the vulnerability. As a workaround, it is possible to remove the "fruit" VFS module from the list of configured VFS objects in any vfs objects line in the Samba configuration file smb.conf.
Please note that changing the VFS module settings fruit:metadata or fruit:resource to use the unaffected setting causes all stored information to be inaccessible and will make it appear to macOS clients as if the information is lost.
Stay safe, everyone!
The post Samba patches critical vulnerability that allows remote code execution as root appeared first on Malwarebytes Labs.