Vulnerability Name:

CVE-2021-44142 (CCN-218420)

Assigned: 2021-11-22
Published: 2022-01-31
Updated: 2022-02-23
Summary: The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.9 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
8.6 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.9 Critical (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
8.6 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-125
CWE-787
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2021-44142

Source: CCN
Type: US-CERT VU#119678
Samba vfs_fruit module insecurely handles extended file attributes

Source: CONFIRM
Type: Issue Tracking, Patch, Vendor Advisory
https://bugzilla.samba.org/show_bug.cgi?id=14914

Source: XF
Type: UNKNOWN
samba-cve202144142-code-exec(218420)

Source: CERT-VN
Type: Patch, Third Party Advisory
https://kb.cert.org/vuls/id/119678

Source: CCN
Type: IBM Security Bulletin 6556742 (Integrated Analytics System)
IBM Integrated Analytics System is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

Source: CCN
Type: IBM Security Bulletin 6557086 (Cloud Pak for Data System)
IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

Source: CCN
Type: IBM Security Bulletin 6559606 (Cloud Pak for Data System)
IBM Cloud Pak for Data System 2.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

Source: CCN
Type: IBM Security Bulletin 6559628 (Netezza for Cloud Pak for Data)
IBM Netezza for Cloud Pak for Data is vulnerable to arbitrary code execution (CVE-2021-44142).

Source: CCN
Type: IBM Security Bulletin 6585728 (Spectrum Scale)
A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142)

Source: CCN
Type: IBM Security Bulletin 6967193 (Cloud Pak System Software Suite)
Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System [CVE-2021-44142]

Source: CCN
Type: Samba Web site
Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution

Source: CONFIRM
Type: Mitigation, Vendor Advisory
https://www.samba.org/samba/security/CVE-2021-44142.html

Source: CCN
Type: ZDI-22-244
Samba AppleDouble Entry Heap-based Buffer Overflow Remote Code Execution Vulnerability

Source: CCN
Type: ZDI-22-245
(Pwn2Own) Samba fruit_pread Out-Of-Bounds Read Information Disclosure Vulnerability

Source: CCN
Type: ZDI-22-246
(Pwn2Own) Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version < 4.13.17)
  • OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.14.0 and < 4.14.12)
  • OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.15.0 and < 4.15.5)

Configuration 2:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/a:synology:diskstation_manager:*:*:*:*:*:*:*:* (Version >= 6.2 and < 6.2.4-25556.4)

Configuration 5:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 6:
  • cpe:/a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:gluster_storage:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:samba:samba:4.13.16:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:5.1.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7662 | P | libsamba-policy-devel-4.17.7+git.330.4057cd7a27a-150500.1.2 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:3072 | P | fuse-2.9.3-6.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94702 | P | libsamba-policy-devel-4.15.5+git.328.f1f29505d84-150400.1.44 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:6156 | P | Security update for samba (Critical) | 2022-02-14
oval:org.opensuse.security:def:4303 | P | Security update for samba (Critical) | 2022-02-14
oval:org.opensuse.security:def:5339 | P | Security update for samba (Critical) | 2022-02-14
oval:org.opensuse.security:def:1685 | P | Security update for samba (Critical) | 2022-02-08
oval:org.opensuse.security:def:100744 | P | (Critical) | 2022-02-08
oval:org.opensuse.security:def:102309 | P | Security update for samba (Critical) | 2022-02-08
oval:org.opensuse.security:def:99742 | P | (Critical) | 2022-02-08
oval:org.opensuse.security:def:1757 | P | Security update for samba (Critical) | 2022-02-08
oval:org.opensuse.security:def:101627 | P | Security update for samba (Critical) | 2022-02-08
oval:org.opensuse.security:def:935 | P | Security update for samba (Critical) | 2022-02-08
oval:org.opensuse.security:def:100072 | P | (Critical) | 2022-02-08
oval:org.opensuse.security:def:102146 | P | Security update for samba (Critical) | 2022-02-08
oval:org.opensuse.security:def:99206 | P | (Critical) | 2022-02-08
oval:org.opensuse.security:def:1586 | P | Security update for samba (Critical) | 2022-02-08
oval:org.opensuse.security:def:100410 | P | (Critical) | 2022-02-08
oval:org.opensuse.security:def:42332 | P | Security update for samba (Critical) | 2022-02-08
oval:org.opensuse.security:def:102246 | P | Security update for samba (Critical) | 2022-02-08
oval:org.opensuse.security:def:99480 | P | (Critical) | 2022-02-08
oval:org.opensuse.security:def:127337 | P | Security update for samba (Critical) | 2022-02-01
oval:org.opensuse.security:def:119101 | P | Security update for samba (Critical) | 2022-02-01
oval:org.opensuse.security:def:125118 | P | Security update for samba (Critical) | 2022-02-01
oval:org.opensuse.security:def:118656 | P | Security update for samba (Critical) | 2022-02-01
oval:org.opensuse.security:def:119291 | P | Security update for samba (Critical) | 2022-02-01
oval:org.opensuse.security:def:125776 | P | Security update for samba (Critical) | 2022-02-01
oval:org.opensuse.security:def:118796 | P | Security update for samba (Critical) | 2022-02-01
oval:org.opensuse.security:def:119473 | P | Security update for samba (Critical) | 2022-02-01
oval:org.opensuse.security:def:126939 | P | Security update for samba (Critical) | 2022-02-01
oval:org.opensuse.security:def:118986 | P | Security update for samba (Critical) | 2022-02-01
oval:org.opensuse.security:def:119658 | P | Security update for samba (Critical) | 2022-02-01
oval:com.redhat.rhsa:def:20220328 | P | RHSA-2022:0328: samba security and bug fix update (Critical) | 2022-01-31
oval:com.redhat.rhsa:def:20220332 | P | RHSA-2022:0332: samba security and bug fix update (Critical) | 2022-01-31