The Samba-Bugzilla – Attachment 17119 Details for Bug 14914
CVE-2021-44142 [SECURITY] Out-of-Bound Read/Write on Samba vfs_fruit module
CVE-2021-44142 Advisory v5
CVE-2021-44142-advisory-v5.txt (text/plain), 2.57 KB, created by Ralph Böhme on 2022-01-24 09:20:33 UTC
>=================================================================
>== Subject:     Out-of-bounds heap read/write vulnerability
>==              in VFS module vfs_fruit allows code execution
>==
>== CVE ID#:     CVE-2021-44142
>==
>== Versions:    All versions of Samba prior to 4.13.17
>==
>== Summary:     This vulnerability allows remote attackers to
>==              execute arbitrary code as root on affected Samba
>==              installations that use the VFS module vfs_fruit.
>=================================================================
>
>===========
>Description
>===========
>
>All versions of Samba prior to 4.13.17 are vulnerable to an
>out-of-bounds heap read/write vulnerability that allows remote
>attackers to execute arbitrary code as root on affected Samba
>installations that use the VFS module vfs_fruit.
>
>The specific flaw exists within the parsing of EA metadata when
>opening files in smbd. Access as a user that has write access to a
>file's extended attributes is required to exploit this
>vulnerability. Note that this could be a guest or unauthenticated user
>if such users are allowed write access to file extended attributes.
>
>The problem in vfs_fruit exists in the default configuration of the
>fruit VFS module using fruit:metadata=netatalk or fruit:resource=file.
>If both options are set to different settings than the default values,
>the system is not affected by the security issue.
>
>==================
>Patch Availability
>==================
>
>Patches addressing both these issues have been posted to:
>
>    https://www.samba.org/samba/security/
>
>Additionally, Samba 4.13.17, 4.14.12 and 4.15.5 have been issued as
>security releases to correct the defect. Samba administrators are
>advised to upgrade to these releases or apply the patch as soon
>as possible.
>
>==================
>CVSSv3 calculation
>==================
>
>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
>
>Base score 9.9.
>
>==========
>Workaround
>==========
>
>As a workaround remove the "fruit" VFS module from the list of
>configured VFS objects in any "vfs objects" line in the Samba
>configuration smb.conf.
>
>Note that changing the VFS module settings fruit:metadata or
>fruit:resource to use the unaffected setting causes all stored
>information to be inaccessible and will make it appear to macOS
>clients as if the information is lost.
>
>
>=======
>Credits
>=======
>
>Originally reported by Orange Tsai from DEVCORE.
>
>Patches provided by Ralph Böhme of the Samba team.
>
>==========================================================
>== Our Code, Our Bugs, Our Responsibility.
>== The Samba Team
>==========================================================
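The exposure criteria from the Description and Workaround sections, as an added example that is not part of the advisory or of Samba: a Python audit that lists the shares which load `fruit` while `fruit:metadata` or `fruit:resource` is still at the default the advisory names. The sample configuration is constructed, the function names are this example's own, and it assumes `[global]` values are inherited by every share and that `include` lines are not followed.

```python
import re

# Defaults named in the advisory; a share is exposed while either still applies.
DEFAULTS = {"fruit:metadata": "netatalk", "fruit:resource": "file"}

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
[global]
   vfs objects = catia fruit streams_xattr
   fruit:metadata = stream
[timemachine]
   fruit:resource = xattr
[media]
   path = /srv/media
[scratch]
   vfs objects = acl_xattr
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def audit(text):
    """Return {share: [advisory defaults still in effect]} for exposed shares."""
    sections = parse_smb_conf(text)
    findings = {}
    for name, params in sections.items():
        effective = {**sections.get("global", {}), **params}  # share overrides global
        modules = effective.get("vfsobjects", "").lower().replace(",", " ").split()
        if name == "global" or "fruit" not in modules:
            continue  # fruit not loaded here: the advisory's workaround state
        hits = [f"{opt}={val}" for opt, val in DEFAULTS.items()
                if effective.get(opt, val).lower() == val]
        if hits:
            findings[name] = hits
    return findings
```

Run `audit()` over the configuration smbd actually loads, for example the output of `testparm -s`, so that included files are covered. On the sample it reports only `media`: `timemachine` has both options moved off their defaults and `scratch` does not load `fruit`.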
Flags: jra: review-