======================================================================
== Subject:     Out-of-bounds heap read/write vulnerability
==              in VFS module vfs_fruit allows code execution
==
== CVE ID#:     CVE-2021-44142
==
== Versions:    All versions of Samba prior to 4.13.17
==
== Summary:     This vulnerability allows network-adjacent attackers
==              to execute arbitrary code as root on affected Samba
==              installations that use the VFS module vfs_fruit.
======================================================================

===========
Description
===========

All versions of Samba prior to 4.13.17 are vulnerable to an
out-of-bounds heap read/write vulnerability that allows
network-adjacent attackers to execute arbitrary code as root on
affected Samba installations that use the VFS module vfs_fruit.

Authentication is not required to exploit this vulnerability.

The specific flaw exists within the parsing of EA metadata when
opening files in smbd.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.13.17, 4.14.12 and 4.15.4 have been issued as
security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon as
possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

Base score 9.0.

==========
Workaround
==========

As a workaround remove the "fruit" VFS module from the list of
configured VFS objects in any "vfs objects" line in the Samba
configuration smb.conf.

=======
Credits
=======

Originally reported by Orange Tsai from Devcore.

Patches provided by Ralph Böhme of the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
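
One way to audit a configuration for the workaround described above, as an added example that is not part of the Samba advisory or of Samba's own tooling: it lists every smb.conf section whose effective "vfs objects" list, set locally or inherited from [global], still loads the fruit module. The sample configuration is constructed, the function names are hypothetical, and the handling of a "module:instance" suffix is an assumption.

```python
import re
# Constructed sample smb.conf for illustration (not from the advisory).
SAMPLE_CONF = """\
[global]
    vfs objects = catia fruit streams_xattr
[timemachine]
    ; no own setting: inherits "vfs objects" from [global]
[scans]
    vfs objects = acl_xattr
[media]
    VFS Object = catia, \\
        fruit:media streams_xattr
"""

def parse_vfs_objects(text):
    """Map each section to its own 'vfs objects' list (None if not set)."""
    sections, current, pending = {"global": None}, "global", ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":
            continue
        if line.endswith("\\"):                 # smb.conf line continuation
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, None)
            continue
        name, sep, value = line.partition("=")
        # Names ignore case and whitespace; "vfs object" is a synonym.
        if sep and re.sub(r"\s+", "", name).lower() in ("vfsobjects", "vfsobject"):
            sections[current] = [m for m in re.split(r"[,\s]+", value.strip()) if m]
    return sections

def sections_loading_fruit(text):
    """Sections whose effective module list (own or inherited) has fruit."""
    sections = parse_vfs_objects(text)
    inherited = sections["global"] or []
    hits = []
    for name, own in sections.items():
        modules = inherited if own is None else own
        # Assumption: a module may carry an instance suffix ("fruit:media").
        if any(m.split(":")[0].lower() == "fruit" for m in modules):
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(sections_loading_fruit(SAMPLE_CONF))
```

The parser does not follow "include" directives or registry-based configuration, so run it over the output of `testparm -s` when the configuration is split across sources.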