• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

CVSS 9.9-Rated Samba Bug Requires Immediate Patching

You are here: Home / General Cyber Security News / CVSS 9.9-Rated Samba Bug Requires Immediate Patching
February 2, 2022

A critical vulnerability in a well known open-source networking protocol could permit attackers to execute code with root privileges unless of course patched, industry experts have warned.

Samba is a well-liked totally free implementation of the SMB protocol, letting Linux, Windows and Mac people to share data files across a network.

On the other hand, a recently uncovered critical vulnerability (CVE-2021-44142) in the program has been offered a CVSS rating of 9.9, generating it one of the most perilous bugs identified in new years. Log4Shell was provided only a slightly bigger rating of 10..

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper take secure and enxrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized seller: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read-generate vulnerability that makes it possible for remote attackers to execute arbitrary code as root on influenced Samba installations that use the VFS module vfs_fruit,” Samba stated.

“The unique flaw exists in the parsing of EA metadata when opening information in smbd. Access as a person that has produce obtain to a file’s extended attributes is essential to exploit this vulnerability. Notice that this could be a visitor or unauthenticated person if these users are authorized compose access to file prolonged attributes.”

Patches have been produced, and Samba updates 4.13.17, 4.14.12 and 4.15.5 have been issued to fix the problem, with directors becoming urged to improve to these releases or apply the patch as before long as attainable. The vulnerability has not still been exploited in the wild at the time of crafting, but this is probably to modify.

An extra workaround is feasible if sysadmins take away the “fruit” VFS module from the list of configured VFS objects in any “vfs objects” line in the Samba configuration smb.conf.

The new vulnerability arrives at a chaotic time for directors, a lot of of whom invested time about the vacations hunting for situations of susceptible Log4j hidden in Java dependencies across their business.

Previous calendar year was one more history-setter in terms of the number of CVEs published to the Nationwide Vulnerability Databases (NVD), the fifth calendar year in a row this has transpired.


Some areas of this report are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News Ninety Percent of Security Leaders Warn of Skills Shortage
Next Post: Cynet’s Keys to Extend Threat Visibility Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw
  • New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers
  • FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
  • Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters
  • NortonLifeLock and Avast merger could reduce competition, CMA warns
  • Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations
  • NSW ditches e-voting system for 2023 election
  • Kaspersky Hits Back at “Politically Motivated” BSI Advisory
  • Germany advises against using Kaspersky software due to hacking risk
  • CISA: Fix MFA and Patch Promptly to Stop Russian Attackers

Copyright © TheCyberSecurity.News, All Rights Reserved.