
AS-2022-001: Samba

2022-02-15

Severity

Important

Status

Resolved


Statement

A vulnerability that allows remote authenticated users to execute arbitrary code via the Samba vfs_fruit module has been resolved in ADM 4.0.3 and ADM 3.5.8.


Affected Products

Product | Severity | Fixed Release Availability
ADM 4.0 | Important | Upgrade to 4.0.3.RQ81 or above.
ADM 3.5 | Important | Upgrade to 3.5.8.RQA1 or above.

Detail

  • CVE-2021-44142
    • Severity: Important
    • The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
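
The check below is an added example, not part of the original advisory or of ASUSTOR's or Samba's code: it flags an upstream Samba version that predates the fixed releases listed above and lists the shares in an smb.conf whose effective "vfs objects" setting loads fruit. The function names and the sample configuration are constructed for illustration, and it assumes a plain smb.conf without include directives or line continuations.

```python
import re

# Fixed upstream releases named in the advisory, keyed by release branch.
FIXED = {(4, 13): 17, (4, 14): 12, (4, 15): 5}

def samba_version_affected(version):
    """True if an upstream Samba version string predates the fixed releases."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Branches older than 4.13 count as "prior to 4.13.17"; newer
    # branches fall outside the advisory's affected range.
    return branch < min(FIXED)

def shares_loading_fruit(smb_conf_text):
    """Return section names whose effective 'vfs objects' includes fruit."""
    vfs, section = {}, "global"
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            vfs.setdefault(section, None)  # None = inherits from [global]
        elif "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and spaces inside parameter names.
            if key.replace(" ", "").lower() in ("vfsobjects", "vfsobject"):
                vfs[section] = value.lower().split()
    inherited = vfs.get("global") or []
    # A share-level setting replaces the global list rather than extending it.
    return [name for name, mods in vfs.items()
            if "fruit" in (inherited if mods is None else mods)]

# Constructed sample configuration, not taken from an ADM device.
SAMPLE_CONF = """
[global]
   vfs objects = catia fruit streams_xattr
[public]
   path = /srv/public
[backup]
   VFS Objects = recycle
"""
```

On a vendor build such as ADM, the vendor's fixed release in the Affected Products table is the authoritative check, since the bundled Samba version string may not track upstream numbering.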

Reference


Revision

Revision | Date | Description
1 | 2022-02-15 | Initial public release.