Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-44142
HistoryJan 31, 2022 - 12:00 a.m.

CVE-2021-44142

2022-01-3100:00:00
ubuntu.com
ubuntu.com
47
samba
vfs_fruit
extended file attributes
out-of-bounds
heap
arbitrary code execution
smbd

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.18

Percentile

96.2%

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to
provide β€œβ€¦enhanced compatibility with Apple SMB clients and
interoperability with a Netatalk 3 AFP fileserver.” Samba versions prior to
4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds
heap read and write via specially crafted extended file attributes. A
remote attacker with write access to extended file attributes can execute
arbitrary code with the privileges of smbd, typically root.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsamba<Β 2:4.7.6+dfsg~ubuntu-0ubuntu2.28UNKNOWN
ubuntu20.04noarchsamba<Β 2:4.13.17~dfsg-0ubuntu0.21.04.1UNKNOWN
ubuntu21.10noarchsamba<Β 2:4.13.17~dfsg-0ubuntu0.21.10.1UNKNOWN
ubuntu22.04noarchsamba<Β 4.13.17~dfsg-0ubuntu1UNKNOWN
ubuntu14.04noarchsamba<Β 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12UNKNOWN
ubuntu16.04noarchsamba<Β 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1UNKNOWN

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.18

Percentile

96.2%