Bugzilla – Bug 1194859
VUL-0: CVE-2021-44142: samba: Out-of-Bound Read/Write on Samba vfs_fruit module ( VU#119678 )
Last modified: 2022-05-16 16:45:19 UTC
is public https://www.samba.org/samba/security/CVE-2021-44142.html CVE-2022-44142.html: ================================================================= == Subject: Out-of-bounds heap read/write vulnerability == in VFS module vfs_fruit allows code execution == == CVE ID#: CVE-2021-44142 == == Versions: All versions of Samba prior to 4.13.17 == == Summary: This vulnerability allows remote attackers to == execute arbitrary code as root on affected Samba == installations that use the VFS module vfs_fruit. ================================================================= =========== Description =========== All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue. ================== Patch Availability ================== Patches addressing both these issues have been posted to: https://www.samba.org/samba/security/ Additionally, Samba 4.13.17, 4.14.12 and 4.15.5 have been issued as security releases to correct the defect. Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible. ================== CVSSv3 calculation ================== CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C Base score 9.9. ========== Workaround ========== As a workaround remove the "fruit" VFS module from the list of configured VFS objects in any "vfs objects" line in the Samba configuration smb.conf. Note that changing the VFS module settings fruit:metadata or fruit:resource to use the unaffected setting causes all stored information to be inaccessible and will make it appear to macOS clients as if the information is lost. ======= Credits ======= Originally reported by Orange Tsai from DEVCORE. Patches provided by Ralph Böhme of the Samba team. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ==========================================================
SUSE-SU-2022:0252-1: An update that fixes one vulnerability is now available. Category: security (critical) Bug References: 1194859 CVE References: CVE-2021-44142 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): samba-4.4.2-38.48.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0251-1: An update that fixes one vulnerability is now available. Category: security (critical) Bug References: 1194859 CVE References: CVE-2021-44142 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): samba-4.7.11+git.365.5e9f8cc5fa0-4.63.1 SUSE Linux Enterprise Server 15-LTSS (src): samba-4.7.11+git.365.5e9f8cc5fa0-4.63.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): samba-4.7.11+git.365.5e9f8cc5fa0-4.63.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): samba-4.7.11+git.365.5e9f8cc5fa0-4.63.1 SUSE Linux Enterprise High Availability 15 (src): samba-4.7.11+git.365.5e9f8cc5fa0-4.63.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0271-1: An update that fixes one vulnerability is now available. Category: security (critical) Bug References: 1194859 CVE References: CVE-2021-44142 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 SUSE OpenStack Cloud Crowbar 8 (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 SUSE OpenStack Cloud 9 (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 SUSE OpenStack Cloud 8 (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 SUSE Linux Enterprise High Availability 12-SP4 (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 SUSE Linux Enterprise High Availability 12-SP3 (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 HPE Helion Openstack 8 (src): samba-4.6.16+git.320.a2d80a7efef-3.70.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0287-1: An update that fixes one vulnerability is now available. Category: security (critical) Bug References: 1194859 CVE References: CVE-2021-44142 JIRA References: Sources used: SUSE Manager Server 4.1 (src): samba-4.11.14+git.319.91d693db37c-4.35.1 SUSE Manager Retail Branch Server 4.1 (src): samba-4.11.14+git.319.91d693db37c-4.35.1 SUSE Manager Proxy 4.1 (src): samba-4.11.14+git.319.91d693db37c-4.35.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): samba-4.11.14+git.319.91d693db37c-4.35.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): samba-4.11.14+git.319.91d693db37c-4.35.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): samba-4.11.14+git.319.91d693db37c-4.35.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): samba-4.11.14+git.319.91d693db37c-4.35.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): samba-4.11.14+git.319.91d693db37c-4.35.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): samba-4.11.14+git.319.91d693db37c-4.35.1 SUSE Linux Enterprise High Availability 15-SP2 (src): samba-4.11.14+git.319.91d693db37c-4.35.1 SUSE Enterprise Storage 7 (src): samba-4.11.14+git.319.91d693db37c-4.35.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0284-1: An update that fixes one vulnerability is now available. Category: security (critical) Bug References: 1194859 CVE References: CVE-2021-44142 JIRA References: Sources used: openSUSE Leap 15.4 (src): samba-4.9.5+git.483.212a7ebca6b-3.64.1
openSUSE-SU-2022:0283-1: An update that solves 8 vulnerabilities, contains one feature and has two fixes is now available. Category: security (important) Bug References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048 CVE References: CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 JIRA References: SLE-23329 Sources used: openSUSE Leap 15.3 (src): apparmor-2.13.6-150300.3.11.2, krb5-1.19.2-150300.8.3.2, krb5-mini-1.19.2-150300.8.3.2, ldb-2.4.1-150300.3.10.1, libapparmor-2.13.6-150300.3.11.1, samba-4.15.4+git.324.8332acf1a63-150300.3.25.3, sssd-1.16.1-150300.23.17.3, talloc-2.3.3-150300.3.3.2, talloc-man-2.3.3-150300.3.3.1, tdb-1.4.4-150300.3.3.2, tevent-0.11.0-150300.3.3.2, tevent-man-0.11.0-150300.3.3.1
SUSE-SU-2022:0283-1: An update that solves 8 vulnerabilities, contains one feature and has two fixes is now available. Category: security (important) Bug References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048 CVE References: CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 JIRA References: SLE-23329 Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): apparmor-2.13.6-150300.3.11.2, krb5-1.19.2-150300.8.3.2 SUSE Linux Enterprise Module for Python2 15-SP3 (src): samba-4.15.4+git.324.8332acf1a63-150300.3.25.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): apparmor-2.13.6-150300.3.11.2, krb5-1.19.2-150300.8.3.2, ldb-2.4.1-150300.3.10.1, libapparmor-2.13.6-150300.3.11.1, samba-4.15.4+git.324.8332acf1a63-150300.3.25.3, sssd-1.16.1-150300.23.17.3, talloc-2.3.3-150300.3.3.2, talloc-man-2.3.3-150300.3.3.1, tdb-1.4.4-150300.3.3.2, tevent-0.11.0-150300.3.3.2, tevent-man-0.11.0-150300.3.3.1 SUSE Linux Enterprise Micro 5.1 (src): apparmor-2.13.6-150300.3.11.2, krb5-1.19.2-150300.8.3.2, ldb-2.4.1-150300.3.10.1, libapparmor-2.13.6-150300.3.11.1, sssd-1.16.1-150300.23.17.3, talloc-2.3.3-150300.3.3.2, tdb-1.4.4-150300.3.3.2, tevent-0.11.0-150300.3.3.2 SUSE Linux Enterprise High Availability 15-SP3 (src): samba-4.15.4+git.324.8332acf1a63-150300.3.25.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0284-1: An update that fixes one vulnerability is now available. Category: security (critical) Bug References: 1194859 CVE References: CVE-2021-44142 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): samba-4.9.5+git.483.212a7ebca6b-3.64.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): samba-4.9.5+git.483.212a7ebca6b-3.64.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): samba-4.9.5+git.483.212a7ebca6b-3.64.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): samba-4.9.5+git.483.212a7ebca6b-3.64.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): samba-4.9.5+git.483.212a7ebca6b-3.64.1 SUSE Linux Enterprise High Availability 15-SP1 (src): samba-4.9.5+git.483.212a7ebca6b-3.64.1 SUSE Enterprise Storage 6 (src): samba-4.9.5+git.483.212a7ebca6b-3.64.1 SUSE CaaS Platform 4.0 (src): samba-4.9.5+git.483.212a7ebca6b-3.64.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0287-1: An update that fixes one vulnerability is now available. Category: security (critical) Bug References: 1194859 CVE References: CVE-2021-44142 JIRA References: Sources used: openSUSE Leap 15.4 (src): samba-4.11.14+git.319.91d693db37c-4.35.1
SUSE-SU-2022:0323-1: An update that solves 6 vulnerabilities, contains one feature and has 5 fixes is now available. Category: security (critical) Bug References: 1089938,1139519,1158916,1180064,1182058,1191227,1192684,1193533,1193690,1194859,1195048 CVE References: CVE-2020-29361,CVE-2021-20316,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 JIRA References: SLE-23330 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): apparmor-2.8.2-56.6.3, p11-kit-0.23.2-8.3.2, samba-4.15.4+git.324.8332acf1a63-3.54.1, sssd-1.16.1-7.28.9 SUSE Linux Enterprise Server 12-SP5 (src): apparmor-2.8.2-56.6.3, ca-certificates-1_201403302107-15.3.3, gnutls-3.4.17-8.4.1, libnettle-3.1-21.3.2, p11-kit-0.23.2-8.3.2, samba-4.15.4+git.324.8332acf1a63-3.54.1, sssd-1.16.1-7.28.9, yast2-samba-client-3.1.23-3.3.1 SUSE Linux Enterprise High Availability 12-SP5 (src): samba-4.15.4+git.324.8332acf1a63-3.54.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Hi Samba team, Please let us know if the following packages are affected, we have customers asking for that. - SUSE:SLE-11-SP1:Update/samba 3.4.3 - SUSE:SLE-11-SP3:Update/samba 3.6.3
(In reply to Gianluca Gabrielli from comment #28) > Hi Samba team, > > Please let us know if the following packages are affected, we have customers > asking for that. > > - SUSE:SLE-11-SP1:Update/samba 3.4.3 > - SUSE:SLE-11-SP3:Update/samba 3.6.3 There is no vfs_fruit module in 3.6.3 , I couldn't find any mention in the source code of the extended attribute 'org.netatalk.Metadata' so I don't believe these code streams are affected
SUSE-SU-2022:0361-1: An update that solves 11 vulnerabilities, contains one feature and has two fixes is now available. Category: security (critical) Bug References: 1014440,1188727,1189017,1189875,1192214,1192215,1192246,1192247,1192283,1192284,1192505,1192849,1194859 CVE References: CVE-2016-2124,CVE-2020-17049,CVE-2020-25717,CVE-2020-25718,CVE-2020-25719,CVE-2020-25721,CVE-2020-25722,CVE-2021-20254,CVE-2021-23192,CVE-2021-3738,CVE-2021-44142 JIRA References: SLE-18456 Sources used: SUSE Enterprise Storage 7 (src): ldb-2.2.2-4.6.1, samba-4.13.13+git.545.5897c2d94f3-3.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
also factory has received the update