CVE-2021-44142

Summary

CVE	CVE-2021-44142
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-02-21 15:15:00 UTC
Updated	2023-11-07 03:39:00 UTC
Description	The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Risk And Classification

Problem Types: CWE-125 | CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Operating System	Canonical	Ubuntu Linux	21.10	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Application	Redhat	Codeready Linux Builder	-	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux For Ibm Z Systems	7.0	All	All	All
Operating System	Redhat	Enterprise Linux For Ibm Z Systems	8.0	All	All	All
Operating System	Redhat	Enterprise Linux For Ibm Z Systems Eus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux For Ibm Z Systems Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux For Power Big Endian	7.0	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian	7.0	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian	8.0	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian Eus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux For Scientific Computing	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Resilient Storage	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	8.1	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.1	All	All	All
Operating System	Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	7.0	All	All	All
Application	Redhat	Gluster Storage	3.5	All	All	All
Application	Redhat	Virtualization Host	4.0	All	All	All
Application	Samba	Samba	All	All	All	All
Application	Synology	Diskstation Manager	All	All	All	All

References

Reference	Source	Link	Tags
Zero Day Initiative — CVE-2021-44142: Details on a Samba Code Execution Bug Demonstrated at Pwn2Own Austin	MISC	www.zerodayinitiative.com	Exploit, Third Party Advisory, VDB Entry
Samba - Security Announcement Archive	CONFIRM	www.samba.org	Mitigation, Vendor Advisory
VU#119678 - Samba vfs_fruit module insecurely handles extended file attributes	CERT-VN	kb.cert.org	Patch, Third Party Advisory
Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security		security.gentoo.org
14914 – (CVE-2021-44142) CVE-2021-44142 [SECURITY] Out-of-Bound Read/Write on Samba vfs_fruit module	CONFIRM	bugzilla.samba.org	Issue Tracking, Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159607 Oracle Enterprise Linux Security Update for samba (ELSA-2022-0328)
159608 Oracle Enterprise Linux Security Update for samba (ELSA-2022-0332)
179066 Debian Security Update for samba (DSA 5071-1)
183878 Debian Security Update for samba (CVE-2021-44142)
198650 Ubuntu Security Notification for Samba Vulnerability (USN-5260-2)
198651 Ubuntu Security Notification for Samba Vulnerabilities (USN-5260-1)
240046 Red Hat Update for samba (RHSA-2022:0332)
240047 Red Hat Update for samba (RHSA-2022:0331)
240049 Red Hat Update for samba (RHSA-2022:0328)
240050 Red Hat Update for samba (RHSA-2022:0330)
240068 Red Hat Update for samba (RHSA-2022:0458)
240069 Red Hat Update for samba (RHSA-2022:0457)
240420 Red Hat Update for samba (RHSA-2022:0664)
257150 CentOS Security Update for samba (CESA-2022:0328)
282312 Fedora Security Update for samba (FEDORA-2022-50da406d40)
282317 Fedora Security Update for samba (FEDORA-2022-055efdd9dc)
296057 Oracle Solaris 11.4 Support Repository Update (SRU) 44.113.4 Missing (bulletinapr2022)
353164 Amazon Linux Security Advisory for samba : ALAS2-2022-1746
353170 Amazon Linux Security Advisory for samba : ALAS-2022-1564
354310 Amazon Linux Security Advisory for samba : ALAS2022-2022-022
354496 Amazon Linux Security Advisory for samba : ALAS2022-2022-224
354550 Amazon Linux Security Advisory for samba : ALAS-2022-224
376944 Alibaba Cloud Linux Security Update for samba (ALINUX2-SA-2022:0009)
376950 Alibaba Cloud Linux Security Update for samba (ALINUX3-SA-2022:0010)
38857 Samba Out-Of-Bounds Heap Read/Write Vulnerability
501490 Alpine Linux Security Update for samba
501779 Alpine Linux Security Update for samba
502620 Alpine Linux Security Update for samba
503810 Alpine Linux Security Update for samba
671442 EulerOS Security Update for samba (EulerOS-SA-2022-1459)
671468 EulerOS Security Update for samba (EulerOS-SA-2022-1438)
671569 EulerOS Security Update for samba (EulerOS-SA-2022-1586)
671587 EulerOS Security Update for samba (EulerOS-SA-2022-1551)
671623 EulerOS Security Update for samba (EulerOS-SA-2022-1666)
671635 EulerOS Security Update for samba (EulerOS-SA-2022-1652)
671687 EulerOS Security Update for samba (EulerOS-SA-2022-1763)
690784 Free Berkeley Software Distribution (FreeBSD) Security Update for samba (8579074c-839f-11ec-a3b2-005056a311d1)
710751 Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202309-06)
730392 Palo Alto Networks (PAN-OS) Impact of the Samba Vulnerability (PAN-187873)
751674 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0251-1)
751675 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0271-1)
751676 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0284-1)
751677 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0287-1)
751678 OpenSUSE Security Update for samba (openSUSE-SU-2022:0287-1)
751680 OpenSUSE Security Update for samba (openSUSE-SU-2022:0283-1)
751681 OpenSUSE Security Update for samba (openSUSE-SU-2022:0284-1)
751683 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0323-1)
751994 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0283-1)
901364 Common Base Linux Mariner (CBL-Mariner) Security Update for samba (8611)
940442 AlmaLinux Security Update for samba (ALSA-2022:0332)
960106 Rocky Linux Security Update for samba (RLSA-2022:332)
960866 Rocky Linux Security Update for samba (RLSA-2022:0332)