Samba patches Critical vfs_fruit vulnerability and two other issues

Samba has released software updates to fix 3 vulnerabilities in multiple Samba software products. One of the fixed issues affects Samba VFS module vfs_fruit which could allow code execution.

A remote attacker could take advantage of these vulnerabilities and exploit impacted systems.

Samba software is used for file and print services for all clients using the SMB/CIFS protocol. Samba is used to seamlessly integrate Linux/Unix systems into Windows Active Directory environments.

The most severe of the patches addresses a Critical severity out-of-bounds heap read/write vulnerability (CVE-2021-44142) in VFS module vfs_fruit that could lead to code execution as root for Samba servers running the VFS module. The issue has a CVSS score of 9.9 and affects all versions of Samba prior to 4.13.17.

“The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes,” Samba stated in the advisory.

Another of the patches addresses a vulnerability (CVE-2022-0336) in Samba AD DC that could allow Samba AD users with permission to write to an account to impersonate arbitrary services. This High severity issue affects Samba 4.0.0 and later and has a CVSS score of 8.8.

“An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity,” Samba said.

The third patch addresses a Medium severity vulnerability (CVE-2021-44141) that could result in an information leak via symlinks of existence of files or directories outside of the exported share.