A Vulnerability in Samba Could Allow for Arbitrary Code Execution
by CIRT Team
DESCRIPTION:
A vulnerability has been discovered in Samba which could allow for
arbitrary code execution. Samba is the standard Windows interoperability
suite of programs for Linux and Unix. Successful exploitation of this
vulnerability could result in arbitrary code execution as root on
affected Samba installations that use the VFS module vfs_fruit.
Depending on the permission associated with the application running the
exploit, an attacker could then install programs; view, change, or
delete data.
IMPACT:
A vulnerability has been discovered in Samba installations that use the
vfs_fruit module, which could allow for arbitrary code execution. An
out-of-bounds heap read write vulnerability exists within the parsing of
EA metadata when opening files in smbd. Access as a user that has write
access to a file’s extended attributes is required to exploit this
vulnerability. This could be a guest or unauthenticated user if such
users are allowed write access to file extended attributes. The problem
in vfs_fruit exists in the default configuration of the fruit VFS module
using fruit:metadata=netatalk or fruit:resource=file. If both options
are set to different settings than the default values, the system is not
affected by the security issue.
Successful exploitation of this vulnerability could result in arbitrary
code execution as root on affected Samba installations. Depending on the
permission associated with the application running the exploit, an
attacker could then install programs; view, change, or delete data.
SYSTEM AFFECTED:
* Samba prior to version 4.13.17
RECOMMENDATIONS:
We recommend the following actions be taken:
* Apply appropriate patches provided by Samba to vulnerable systems and
servers immediately after appropriate testing.
* Run all software as a non-privileged user (one without administrative
privileges) to diminish the effects of a successful attack.
* Evaluate read, write, and execute permissions on all newly installed
software.
* Apply the Principle of Least Privilege to all systems and services.
REFERENCES:
https://www.samba.org/samba/security/CVE-2021-44142.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142
https://thehackernews.com/2022/01/new-samba-bug-allows-remote-attackers.html
Published: 09 Feburary 2022, 12:47:20 BST
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
