CVE-2021-44142

First published: Mon Feb 21 2022(Updated: )

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Credit: cret@cert.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/type
• agent/remedy
• agent/severity
• agent/references
• agent/description
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/event
• agent/first-publish-date
• agent/source
• agent/author
• collector/nvd-api
• agent/software-canonical-lookup-request
• collector/nvd-index
• agent/softwarecombine
• agent/tags
• vendor/samba
• canonical/samba
• version/samba/4.14.0
• version/samba/4.15.0
• vendor/debian
• canonical/debian
• version/debian/10.0
• version/debian/11.0
• vendor/canonical
• canonical/ubuntu
• version/ubuntu/14.04
• version/ubuntu/16.04
• version/ubuntu/18.04
• version/ubuntu/20.04
• version/ubuntu/21.10
• vendor/synology
• canonical/synology diskstation manager
• version/synology diskstation manager/6.2
• vendor/fedoraproject
• canonical/fedora
• version/fedora/34
• version/fedora/35
• vendor/redhat
• canonical/redhat codeready linux builder
• canonical/glusterfs
• version/glusterfs/3.5
• canonical/redhat virtualization host
• version/redhat virtualization host/4.0
• canonical/red hat enterprise linux
• version/red hat enterprise linux/7.0
• version/red hat enterprise linux/8.0
• canonical/redhat enterprise linux desktop
• version/redhat enterprise linux desktop/7.0
• canonical/redhat enterprise linux eus
• version/redhat enterprise linux eus/8.2
• version/redhat enterprise linux eus/8.4
• canonical/redhat enterprise linux for ibm z systems
• version/redhat enterprise linux for ibm z systems/7.0
• version/redhat enterprise linux for ibm z systems/8.0
• canonical/redhat enterprise linux for ibm z systems eus
• version/redhat enterprise linux for ibm z systems eus/8.2
• version/redhat enterprise linux for ibm z systems eus/8.4
• canonical/redhat enterprise linux for power big endian
• version/redhat enterprise linux for power big endian/7.0
• canonical/redhat enterprise linux for power little endian
• version/redhat enterprise linux for power little endian/7.0
• version/redhat enterprise linux for power little endian/8.0
• canonical/redhat enterprise linux for power little endian eus
• version/redhat enterprise linux for power little endian eus/8.2
• version/redhat enterprise linux for power little endian eus/8.4
• canonical/redhat enterprise linux for scientific computing
• version/redhat enterprise linux for scientific computing/7.0
• canonical/red hat enterprise linux resilient storage
• version/red hat enterprise linux resilient storage/7.0
• canonical/redhat enterprise linux server
• version/redhat enterprise linux server/7.0
• version/redhat enterprise linux server/8.1
• canonical/redhat enterprise linux server aus
• version/redhat enterprise linux server aus/8.2
• version/redhat enterprise linux server aus/8.4
• canonical/redhat enterprise linux server tus
• version/redhat enterprise linux server tus/8.2
• version/redhat enterprise linux server tus/8.4
• canonical/redhat enterprise linux server update services for sap solutions
• version/redhat enterprise linux server update services for sap solutions/8.1
• version/redhat enterprise linux server update services for sap solutions/8.2
• version/redhat enterprise linux server update services for sap solutions/8.4
• canonical/redhat enterprise linux workstation
• version/redhat enterprise linux workstation/7.0