{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-008.pdf"
    },
    "title": "Critical Vulnerability in Samba",
    "serial_number": "2022-008",
    "publish_date": "01-02-2022 15:57:00",
    "description": "On January 31, Samba has issued advisories and software updates to address multiple vulnerabilities one of which, identified as \"CVE-2021-44142\", could lead to Remote Code Execution with \"root\" privileges. It is recommended to update as soon as possible.",
    "url_title": "2022-008",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0Samba'\nversion: '1.0'\nnumber: '2022-008'\ndate: 'February 1, 2022'\n---\n\n_History:_\n\n* _01/02/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn January 31, Samba has issued advisories and software updates [1] to address multiple vulnerabilities one of which, identified as `CVE-2021-44142`, could lead to Remote Code Execution with `root` privileges. It is recommended to update as soon as possible.\n\n# Technical Details\n\nThe vulnerability `CVE-2021-44142`, with a severity score of 9.9 out of 10, is an out-of-bounds heap read-write vulnerability that allows remote attackers to execute arbitrary code as `root` on affected Samba installations [2].\n\nThe specific flaw exists within the parsing of Extended Attributes (EA) metadata when opening files in `smbd`.\n\nAccess as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.\n\n# Affected Products\n\nAll versions of Samba prior to `4.13.17` are vulnerable when Samba has the VFS module `vfs_fruit` enabled in its default configuration. This means that the following options are configured as follows: `fruit:metadata=netatalk` or `fruit:resource=file`. If both options are set to different settings than the default values, the system is not affected by the security issue.\n\n# Recommendations\n\nSamba team and CERT-EU strongly recommend upgrading Samba to the latest version as soon as possible.\n\n## Workaround\n\nAs a temporary workaround, one can remove the `fruit` VFS module from the list of configured VFS objects in any `vfs objects` line in the Samba configuration `smb.conf`.\n\nNote that changing the VFS module settings `fruit:metadata` or `fruit:resource` to use the unaffected setting causes all stored information to be inaccessible.\n\n# References\n\n[1] <https://www.samba.org/samba/history/security.html>\n\n[2] <https://www.samba.org/samba/security/CVE-2021-44142.html>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>01/02/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On January 31, Samba has issued advisories and software updates [1] to address multiple vulnerabilities one of which, identified as <code>CVE-2021-44142</code>, could lead to Remote Code Execution with <code>root</code> privileges. It is recommended to update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <code>CVE-2021-44142</code>, with a severity score of 9.9 out of 10, is an out-of-bounds heap read-write vulnerability that allows remote attackers to execute arbitrary code as <code>root</code> on affected Samba installations [2].</p><p>The specific flaw exists within the parsing of Extended Attributes (EA) metadata when opening files in <code>smbd</code>.</p><p>Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.</p><h2 id=\"affected-products\">Affected Products</h2><p>All versions of Samba prior to <code>4.13.17</code> are vulnerable when Samba has the VFS module <code>vfs_fruit</code> enabled in its default configuration. This means that the following options are configured as follows: <code>fruit:metadata=netatalk</code> or <code>fruit:resource=file</code>. If both options are set to different settings than the default values, the system is not affected by the security issue.</p><h2 id=\"recommendations\">Recommendations</h2><p>Samba team and CERT-EU strongly recommend upgrading Samba to the latest version as soon as possible.</p><h3 id=\"workaround\">Workaround</h3><p>As a temporary workaround, one can remove the <code>fruit</code> VFS module from the list of configured VFS objects in any <code>vfs objects</code> line in the Samba configuration <code>smb.conf</code>.</p><p>Note that changing the VFS module settings <code>fruit:metadata</code> or <code>fruit:resource</code> to use the unaffected setting causes all stored information to be inaccessible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.samba.org/samba/history/security.html\">https://www.samba.org/samba/history/security.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.samba.org/samba/security/CVE-2021-44142.html\">https://www.samba.org/samba/security/CVE-2021-44142.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}