New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

2022-02-01 04:16:00
The Hacker News
thehackernews.com

Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations.

Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module “vfs_fruit” that provides compatibility with Apple SMB clients.

Samba is a popular freeware implementation of the Server Message Block (SMB) protocol that allows users to access files, printers, and other commonly shared resources over a network.

“All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit,” the maintainers said in an advisory published on January 31.

According to the CERT Coordination Center (CERT/CC), the flaw also affects widely used Linux distributions such as Red Hat, SUSE Linux, and Ubuntu.

“The specific flaw exists within the parsing of EA metadata in the Samba server daemon (smbd) when opening a file,” the Zero Day Initiative said in an independent write-up. “An attacker can leverage this vulnerability to execute code in the context of root.”

The vulnerability, rated 9.9 on the CVSS scale, has been credited to security researcher Orange Tsai from DEVCORE, who last year disclosed the widely-exploited flaws in Microsoft Exchange Server. Additionally, the fix has been issued in Samba versions 4.14.12 and 4.15.5.

Also addressed by Samba are two separate flaws —

  • CVE-2021-44141 (CVSS score: 4.2) - Information leak via symlinks of existence of files or directories outside of the exported share (Fixed in Samba version 4.15.5)
  • CVE-2022-0336 (CVSS score: 3.1) - Samba AD users with permission to write to an account can impersonate arbitrary services (Fixed in Samba versions 4.13.17, 4.14.12, and 4.15.4)

Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible to mitigate the defect and thwart any potential attacks exploiting the vulnerability.
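A defender-side exposure check for CVE-2021-44142, as an added example that is not from the article or the Samba project: it compares an upstream version string against the fixed releases listed above and finds the smb.conf sections whose `vfs objects` line loads `fruit`. The function names and the sample configuration are constructed for illustration; distribution packages may backport the fix without changing the upstream version number, so treat the version test as a first pass.

```python
import re
# Fixed releases per branch, as listed in the article for CVE-2021-44142.
FIXED = {(4, 13): 17, (4, 14): 12, (4, 15): 5}

def version_is_vulnerable(version):
    """True if an upstream Samba version predates the fix for its branch."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    # Older branches are "before 4.13.17"; assumption: newer ones carry the fix.
    return (major, minor) < min(FIXED)

def sections_loading_fruit(smb_conf):
    """Names of smb.conf sections whose 'vfs objects' line lists fruit."""
    section, hits = "(top of file)", []
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        name = re.sub(r"\s+", "", key).lower()  # names ignore case and spaces
        if sep and name in ("vfsobjects", "vfsobject"):
            modules = re.split(r"[\s,]+", value.strip())
            if "fruit" in modules and section not in hits:
                hits.append(section)
    return hits

def assess(version, smb_conf):
    # Exposed only when the version is unpatched AND fruit is loaded somewhere.
    fruit = sections_loading_fruit(smb_conf)
    old = version_is_vulnerable(version)
    return {"unpatched": old, "fruit_sections": fruit, "exposed": old and bool(fruit)}

# Constructed sample configuration (not taken from any real host).
SAMPLE_CONF = """[global]
   vfs objects = catia fruit streams_xattr
[public]
   ; vfs objects = fruit
   vfs objects = acl_xattr
[backup]
   VFS Objects = fruit, streams_xattr
"""
if __name__ == "__main__":
    print(assess("Version 4.13.16", SAMPLE_CONF))
```

The parser does not follow `include` directives or backslash line continuations, so configurations split across files need each file checked.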
