“The Windows SMB, which is used for remote services, can be abused by attackers to propagate through the organization’s network, or used as a jump-off point to spread to other connected systems. “Given the standard use of Samba for system interoperability via the SMB protocol, administrators should monitor shared file, printer, and access sharing data transmissions,” the ZDI team advised. SambaCry (CVE-2017-7494) has been, for example, used in the past to compromise NAS devices and deliver ransomware. Though there is no indication that CVE-2021-44142 is being exploited in active attacks, it is not unusual for attackers to exploit Samba vulnerabilities. “The company’s vendor list shows that the potential sectors affected by this security concern include critical industries such as communications, energy, government, manufacturing, and science and technology, as well as consumer devices such as appliances and internet of things (IoT) devices,” ZDI added. ZDI also advises that many different vendors will need to update their version to ship with affected devices (such as NAS devices), so the release of additional patches can be expected,” the ZDI team noted.ĬERT/CC lists Red Hat, SUSE Linux and Ubuntu as affected. ![]() “Administrators are advised to focus on testing and deploying the patch to remediate the vulnerability. The Samba Team has also pointed out a workaround: removing the fruit VFS module from the list of configured VFS objects in any vfs objects line in the Samba configuration smb.conf, but warned that this might cause “all stored information to be inaccessible and will make it appear to macOS clients as if the information is lost.”įor that and other reasons, updating is the best option. The patch has also been included in Samba 4.14.12 and 4.15.5. The flaw affects all versions of Samba prior to 4.13.17. The heap-based buffer overflow variant of the bug was discovered and reported by ZDI vulnerability researcher Lucas Leong. It was also independently discovered by Orange Tsai of DEVCORE and reported to the Samba team. If both options are set to different settings than the default values, the system is not affected by the security issue,” they noted.ĬVE-2021-44142 was discovered and its exploitation demonstrated at the Pwn2Own Austin 2021 in November 2021 by Nguyễn Hoàng Thạch and Billy Jheng Bing-Jhong of STAR Labs. “The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. The specific flaw exists within the parsing of EA metadata in the Samba server daemon (smbd) when opening a file,” the ZDI Research Team noted, and shared technical details about the flaw and a variant – all of which have been patched in the latest Samba security updates.Īccording to the Samba Team, the vulnerability can be exploited by any user that has write access to a file’s extended attributes – even a guest or unauthenticated user if they have those permissions.īut not all systems may be affected. It allows Unix-like systems to serve as file servers for Apple devices. Netatalk is an open-source implementation of the Apple Filing Protocol (AFP). “The fruit module that ships with Samba is designed to provide interoperability between Samba and Netatalk. Samba allows file and print sharing between computers running Windows and those running Unix or Linux.ĬVE-2021-44142 is an out-of-bounds heap read/write vulnerability in Samba’s vfs_fruit virtual file system (VFS) module. ![]() Several updated versions of Samba have been released on Monday, fixing CVE-2021-44142 and two other flaws ( 1, 2), but since the software is included in most Linux and Unix-like operating systems (including Apple’s macOS and macOS Server), users of those are advised to keep an eye out for specific updates by those developer teams. A critical vulnerability (CVE-2021-44142) in Samba, a widely used open source implementation of the Server Message Block (SMB) networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |