h0w1tzr’s Comments: This is another doozy of a vulnerability against modern day Linux systems, and I would HIGHLY recommend that you patch your systems IMMEDIATELY!
Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software.
Samba is an SMB networking protocol re-implementation that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over a network.
The vulnerability, tracked as CVE-2021-44142 and reported by Orange Tsai of DEVCORE, is an out-of-bounds heap read/write present in the vfs_fruit VFS module when parsing EA metadata when opening files in smbd.
“The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file,” Samba explained in a security advisory published today.
“If both options are set to different settings than the default values, the system is not affected by the security issue.”
The vulnerable vfs_fruit module is designed to provide enhanced compatibility with Apple SMB clients and Netatalk 3 AFP fileservers.
According to the CERT Coordination Center (CERT/CC), the list of platforms impacted by this vulnerability includes Red Hat, SUSE Linux, and Ubuntu.
Links
-
- Bleeping Computer: https://t.ly/kNyO
- Zero Day Initiative: https://t.ly/yyCe
- MITRE CVE: https://t.ly/7o4d