AS-2022-001: Samba

2022-02-15

Severity

Important

Status

Resolved


Statement

A vulnerability that allows remote authenticated users to execute arbitrary code via the Samba vfs_fruit module has been resolved in ADM 4.0.3 and ADM 3.5.8.


Affected Products

Product | Severity | Fixed Release Availability
ADM 4.0 | Important | Upgrade to 4.0.3.RQ81 or above.
ADM 3.5 | Important | Upgrade to 3.5.8.RQA1 or above.

Detail

  • CVE-2021-44142
    • Severity: Important
    • The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Reference


Revision

Revision | Date | Description
1 | 2022-02-15 | Initial public release.