The Samba team has addressed a critical severity vulnerability that can allow remote code execution with root privileges on servers running vulnerable software.
A re-implementation of the SMB networking protocol, Samba enables Linux, Windows, and macOS users to share files and print over a network.
Tracked as CVE-2021-44142 and reported by Orange Tsai of DEVCORE, the vulnerability is an out-of-bounds heap read/write in the vfs_fruit VFS module, triggered when smbd parses extended attribute (EA) metadata.
Samba explained the vulnerability in a security advisory published today: “The issue with vfs_fruit is in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different values than the defaults, the system is not affected.”
The vfs_fruit module provides enhanced compatibility with Apple SMB clients and Netatalk 3 AFP fileservers.
Red Hat, SUSE Linux, and Ubuntu are among the platforms impacted by this vulnerability, according to the CERT Coordination Center (CERT/CC).
Samba administrators are recommended to upgrade to these releases or apply the patch as soon as possible to mitigate the defect and thwart any potential attacks exploiting the vulnerability.
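The configuration condition quoted from the advisory can be checked mechanically while patching is scheduled. The following is an added example, not code from Samba or from the advisory: it flags every smb.conf section that loads fruit with either option still at its default. The function names, the simplified parser (no `include` or line-continuation handling), and the sample configuration are assumptions made for illustration.

```python
import re

# Defaults quoted in the advisory; a share is unaffected only if BOTH are changed.
VULN_DEFAULTS = {"fruit:metadata": "netatalk", "fruit:resource": "file"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces dropped."""
    sections, current = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", "", key.lower())   # "vfs objects" -> "vfsobjects"
            sections.setdefault(current, {})[key] = value.strip()
    return sections

def exposed_shares(text):
    """List (section, options still at default) for sections that load fruit."""
    conf, findings = parse_smb_conf(text), []
    for name, params in conf.items():
        eff = {**conf.get("global", {}), **params}   # share overrides [global]
        modules = (eff.get("vfsobjects") or eff.get("vfsobject") or "").lower().split()
        if "fruit" not in modules:
            continue
        at_default = [k for k, d in VULN_DEFAULTS.items() if eff.get(k, d).lower() == d]
        if at_default:
            findings.append((name, at_default))
    return findings

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """
[global]
   vfs objects = catia fruit streams_xattr
[timemachine]
[hardened]
   fruit:metadata = stream
   fruit:resource = xattr
[partial]
   fruit:metadata = stream
"""
if __name__ == "__main__":
    print(exposed_shares(SAMPLE))
```

The `[partial]` share is still reported because only one of the two options was changed, which matches the advisory's wording that both must differ from the defaults.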