CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution
by CIRT Team
All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.
The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.
The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file.
CVSSv3 Base score 9.9.
This vulnerability allows remote code execution.
Patches addressing both these issues have been posted to:
Additionally, Samba 4.13.17, 4.14.12 and 4.15.5 have been issued as security releases to correct the defect. Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible. As a workaround, remove the “fruit” VFS module from the list of configured VFS objects in any “vfs objects” line in the Samba configuration smb.conf.
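One way to check a configuration against the workaround, as an added example that is not part of the original advisory or of Samba's own code: it parses smb.conf text and lists every section where the fruit module is loaded while fruit:metadata=netatalk or fruit:resource=file is in effect. The sample configuration is constructed, and the parser is a simplification that assumes no `include` lines or backslash line continuations.

```python
import re

# Settings the advisory names as affected; both are the vfs_fruit defaults.
DEFAULTS = {"fruit:metadata": "netatalk", "fruit:resource": "file"}

# Constructed sample configuration (not taken from a real host).
SAMPLE = """\
[global]
   vfs objects = catia fruit streams_xattr
   fruit:metadata = stream
[timemachine]
   fruit:resource = stream
[legacy]
   fruit:metadata = netatalk
[plain]
   vfs objects = acl_xattr
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Parameter names are normalised the
    way Samba compares them: case and embedded whitespace are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def exposed_shares(text):
    """List (section, reasons) for sections that load vfs_fruit with an
    affected fruit:metadata or fruit:resource value in effect."""
    sections = parse_smb_conf(text)
    glob = sections.get("global", {})
    findings = []
    for name, params in sections.items():
        eff = {**DEFAULTS, **glob, **params}     # share overrides [global]
        modules = re.split(r"[\s,]+", eff.get("vfsobjects", "").lower())
        if "fruit" not in [m.split(":")[0] for m in modules]:
            continue                             # workaround already applied
        reasons = [f"{k}={v}" for k, v in DEFAULTS.items() if eff[k].lower() == v]
        if reasons:
            findings.append((name, reasons))
    return findings

if __name__ == "__main__":
    print(exposed_shares(SAMPLE))
```

A finding on `[global]` means the setting is inherited by every share that does not override it.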