Remote root vulnerability in Samba

Corrective releases 4.15.5, 4.14.12 and 4.13.17 of the Samba package have been published, fixing 3 vulnerabilities. The most dangerous vulnerability (CVE-2021-44142) allows a remote attacker to execute arbitrary code with root privileges on a system running a vulnerable version of Samba. The issue has been assigned a severity score of 9.9 out of 10.

The vulnerability manifests only when the vfs_fruit VFS module is used with its default parameters (fruit:metadata=netatalk or fruit:resource=file). The module provides an additional level of compatibility with macOS clients and improves interoperability with Netatalk 3 AFP file servers. The problem is caused by a buffer overflow in the code that parses extended attribute (EA) metadata, which is invoked when files are opened in smbd. To carry out the attack, the user must have access to extended file attributes, although the attack can also be carried out by a guest user if such access is permitted for guests.

The release of package updates in distributions can be tracked on the pages for Debian, Ubuntu, RHEL, SUSE, Fedora, Arch and FreeBSD. As a workaround, you can remove the “fruit” module from the “vfs objects” list in smb.conf.

The other two vulnerabilities:

  • Vulnerability CVE-2022-0336 allows a Samba AD DC user to impersonate another service and intercept the traffic addressed to that service. To carry out the attack, the user must have the right to change the servicePrincipalName attribute of an account.
  • Vulnerability CVE-2021-44141 can leak information about the existence of files and directories in areas of the file system outside the share exported by Samba. The attack is carried out by manipulating symbolic links.