Lucene search

K
redhatcveRedhat.comRH:CVE-2021-44142
HistoryJan 31, 2022 - 3:06 p.m.

CVE-2021-44142

2022-01-3115:06:30
redhat.com
access.redhat.com
58
samba
vfs module
arbitrary code_execution
remote attacker
root privileges
workaround
smb.conf
boundary error
macos clients

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.18

Percentile

96.2%

An out-of-bounds heap read write vulnerability was found in Samba. Due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module (vfs_fruit), a remote attacker with ability to write to file’s extended attributes can trigger an out-of-bounds write and execute arbitrary code with root privileges.

Mitigation

As a workaround remove the "fruit" VFS module from the list of configured VFS objects in any "vfs objects" line in the Samba configuration smb.conf.

Note that changing the VFS module settings fruit:metadata or fruit:resource to use the unaffected setting causes all stored information to be inaccessible and will make it appear to macOS clients as if the information is lost.

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.18

Percentile

96.2%