A Vulnerability in Samba Could Allow for Arbitrary Code Execution
by CIRT Team
A vulnerability has been discovered in Samba which could allow for
arbitrary code execution. Samba is the standard Windows interoperability
suite of programs for Linux and Unix. Successful exploitation of this
vulnerability could result in arbitrary code execution as root on
affected Samba installations that use the VFS module vfs_fruit.
Depending on the permission associated with the application running the
exploit, an attacker could then install programs; view, change, or
A vulnerability has been discovered in Samba installations that use the
vfs_fruit module, which could allow for arbitrary code execution. An
out-of-bounds heap read write vulnerability exists within the parsing of
EA metadata when opening files in smbd. Access as a user that has write
access to a file’s extended attributes is required to exploit this
vulnerability. This could be a guest or unauthenticated user if such
users are allowed write access to file extended attributes. The problem
in vfs_fruit exists in the default configuration of the fruit VFS module
using fruit:metadata=netatalk or fruit:resource=file. If both options
are set to different settings than the default values, the system is not
affected by the security issue.
Successful exploitation of this vulnerability could result in arbitrary
code execution as root on affected Samba installations. Depending on the
permission associated with the application running the exploit, an
attacker could then install programs; view, change, or delete data.
* Samba prior to version 4.13.17
We recommend the following actions be taken:
* Apply appropriate patches provided by Samba to vulnerable systems and
servers immediately after appropriate testing.
* Run all software as a non-privileged user (one without administrative
privileges) to diminish the effects of a successful attack.
* Evaluate read, write, and execute permissions on all newly installed
* Apply the Principle of Least Privilege to all systems and services.
Published: 09 Feburary 2022, 12:47:20 BST
26 Oct 2023 - Security Advisories & Alerts