A security researcher from DEVCORE, Orange Tsai disclosed a critical out-of-bounds write vulnerability in Samba vfs_fruit module along with a medium and low vulnerability. The out-of-bound read/write vulnerability is tracked under CVE-2021-44142 has a base score of 9.9 out of 10. The successful exploitation of the flaw allows remote attackers to execute arbitrary code on the affected machine with the highest root privileges. Since Samba is one of the most common services being used in multiple platforms, we can say that millions of servers are vulnerable to the flaw. It is important to learn how to fix the CVE-2021-44142 vulnerability in Samba. So, let’s see How to Fix the Out-of-Bounds Write Vulnerability In Samba vfs_fruit module (CVE-2021-44142) along with the other two CVE-2021-44141 and CVE-2022-0336 vulnerabilities in this post.
Table of Contents
What Is Samba?
As the front page at samba.org says: Samba is a software package that gives network administrators flexibility and freedom in terms of setup, configuration, and choice of systems and equipment.
Samba is free software used to implement the Server Message Block (SMB) protocol. It’s used to share files over the network. It is also referred to as Common Internet File System, in short, CIFS. If you ask what platforms support this protocol. The answer is pretty much all. It supports Windows, Linux, and Mac. We have shown how to build a personal cross-platform file sharing server using Samba on a small computer like Raspberry Pi in a different post.
What Is Out-Of-Bounds Write Vulnerability?
A simple explanation for this is if a service or a program writes data outside of the boundaries of the buffer. That could be either beginning or after the end of the allocated buffer.
This could lead to many negative implications, which may include:
- Data corruption
- Crash of service or the program
- Arbitrary code execution vulnerability
Summary Of The Samba vfs_fruit Vulnerability (CVE-2021-44142)?
There are other three vulnerabilities that Samba addressed:
- CVE-2021-44141
- CVE-2021-44142
- CVE-2022-0336
Summary Of CVE-2021-44142:
The out-of bound heap read/write vulnerability actually lice in the Samba vfs_fruit module, which provides enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Attackers can exploit the vulnerability using a specially crafted extended file attribute.
All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.
| Associated CVE ID | CVE-2021-44142 |
| Description | Out-of-bounds heap read/write vulnerability in Samba’S VFS module |
| Associated ZDI ID | – |
| CVSS Score | 9.9 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | Low |
| User Interaction (UI) | None |
| Scope | Changed |
| Confidentiality (C) | High |
| Integrity (I) | High |
| availability (a) | High |
Summary Of CVE-2021-44141:
| Associated CVE ID | CVE-2021-44141 |
| Description | Information leak via symlinks of existance of files or directories outside of the exported share |
| Associated ZDI ID | – |
| CVSS Score | 4.2 Medium |
| Vector | CVSS:AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:N/MAC:L/MPR:L/MUI:N/MS:U/MC:H/MI:N/MA:N |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | Low |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | None |
| availability (a) | None |
Summary Of CVE-2022-0336:
| Associated CVE ID | CVE-2022-0336 |
| Description | Samba AD users with permission to write to an account can impersonate arbitrary services. |
| Associated ZDI ID | – |
| CVSS Score | 3.1 Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | Low |
| User Interaction (UI) | None |
| Scope | Changed |
| Confidentiality (C) | High |
| Integrity (I) | High |
| availability (a) | High |
Samba Versions Affected To The Vulnerabilities:
his table helps you learn versions affected by the respective vulnerabilities.
| Vulnerability | Severity | Affected Samba Versions |
| CVE-2021-44141 | 9.9 Critical | Versions Prior to 4.15.5 |
| CVE-2021-44142 | 4.2 Medium | Versions Prior to 4.13.17 |
| CVE-2022-0336 | 3.1 Low | Versions 4.0.0 and Later |
Operating Systems Affected By The Samba Out-Of-Bounds Write Vulnerability:
The most popular Linux distributions RedHat, SUSE, and Ubuntu are affected by the vulnerabilities. All the Distributions have released security updates to fix the vulnerabilities. Please visit their website for more information.
- RedHat: https://access.redhat.com/security/cve/CVE-2021-44142
- samba: https://www.samba.org/samba/security/CVE-2021-44142.html
- Ubuntu: https://ubuntu.com/security/CVE-2021-44142
- SUSE: https://www.suse.com/security/cve/CVE-2021-44142.html
How to Fix the Out-of-Bounds Write Vulnerability In Samba vfs_fruit Module (CVE-2021-44142)?
Samba has fixed all three vulnerabilities in their latest versions 4.13.17, 4.14.12, and 4.15.5. Samba users are urged to update to the recommended versions to fix the vulnerabilities.
However, there is a workaround for those who can’t immoderately apply the patch. You just need to remove ‘fruit’ VFS module from the list of configured VFS objects in any “vfs objects” line in the Samba configuration smb.conf.
Please visit the respective Linux distribution website or contact support.
How To Fix The Samba vfs_fruit Vulnerability?
- 1: Check the Samba version on Linux
$ sudo smbstatus
OR
$ sudo smbd -V
OR
$ sudo smbd –version
- Add Samba PPA to your system
Use this PPA repo to upgrade or install Samba on Ubuntu Linux.
$ sudo add-apt-repository ppa:linux-schools/samba-latest
- Update repository
$ sudo apt-get update
- Upgrade or Install Samba from PPA
$ sudo apt install samba
OR
$ sudo apt install samba
- Check the Samba version on Linux upon upgrade
$ sudo smbstatus
OR
$ sudo smbd -V
OR
$ sudo smbd –version
We hope this post will help you know How to Fix the Out-of-Bounds Write Vulnerability In Samba vfs_fruit Module (CVE-2021-44142) along with the other two CVE-2021-44141 and CVE-2022-0336 vulnerabilities in Linus machines. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page in Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/270146.html