A newly discovered critical vulnerability in Samba could allow remote attackers to execute arbitrary code as root on affected installations.
All versions of Samba prior to 4.13.17 are vulnerable to the heap-based buffer overflow, provided they are running the flawed VFS module vfs_fruit.
Samba is a widely used free software implementation of the SMB networking protocol. The vulnerability (CVE-2021-44142), discovered by noted web security researcher Orange Tsai, scores a near-maximum CVSS score of 9.9.
Successful exploitation of the flaw would allow attackers to read or write arbitrary data in memory without first obtaining any administrative privileges on targeted systems.
Samba administrators are advised to upgrade to the latest releases (4.13.17, 4.14.12 and 4.15.5) or apply a patch as soon as possible. Mitigation short of patching would involve changing Samba configuration files so that the vulnerable vfs_fruit module doesn’t run.
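As an added example (not from the article or from the Samba project), a POSIX shell audit that reports which shares in a constructed smb.conf load the fruit module on their `vfs objects` line, and rewrites the configuration to drop that module, the interim mitigation described above. The share names and paths are assumptions.

```shell
#!/bin/sh
# Constructed sample smb.conf; share names and paths are assumptions.
SAMPLE_SMB_CONF='[global]
   workgroup = WORKGROUP
   vfs objects = acl_xattr

[macshare]
   path = /srv/samba/macshare
   vfs objects = catia fruit streams_xattr
   fruit:metadata = stream

[plain]
   path = /srv/samba/plain
   vfs objects = streams_xattr
'

# Read smb.conf text on stdin and print the name of every section whose
# "vfs objects" line loads "fruit", the module affected by CVE-2021-44142.
find_fruit_shares() {
    awk '
        /^[ \t]*\[/ {
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        }
        /^[ \t]*vfs[ \t]+objects[ \t]*=/ {
            split($0, kv, "=")
            n = split(kv[2], mods, " ")     # default whitespace splitting
            for (i = 1; i <= n; i++)
                if (mods[i] == "fruit") { print section; break }
        }'
}

# Read smb.conf text on stdin and emit it with "fruit" removed from every
# "vfs objects" line; other modules and settings are left untouched.
# Note: without the module, macOS-specific metadata handling is disabled.
strip_fruit_module() {
    sed -E '/^[[:space:]]*vfs[[:space:]]+objects[[:space:]]*=/s/[[:space:]]+fruit([[:space:]]|$)/\1/g'
}

# Demonstration: list affected shares, then show the mitigated configuration.
printf '%s' "$SAMPLE_SMB_CONF" | find_fruit_shares        # prints: macshare
printf '%s' "$SAMPLE_SMB_CONF" | strip_fruit_module
```

Validate the rewritten file with `testparm` before reloading smbd.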
“The specific flaw exists within the parsing of EA metadata when opening files in SMBD,” an advisory on the flaw from developers of Samba explains.
Write access to file extended attributes is required in order to exploit the flaw, but such permissions are granted to guest or unauthenticated users.
The Daily Swig invited researcher Orange Tsai to comment on how they discovered the vulnerability and what real-world impact it might have. No word back yet, but we’ll update this story as and when more information comes to hand.
Source: https://portswigger.net/daily-swig/critical-samba-flaw-presents-code-execution-threat