
Samba ‘Fruit’ Bug Allows RCE, Full Root User Access

February 1, 2022

The issue in the file-sharing and interop platform also impacts Red Hat, SUSE Linux and Ubuntu packages.

A critical-severity vulnerability in the Samba platform could allow attackers to gain remote code execution with root privileges on servers.

Samba is an interoperability suite that allows Windows and Linux/Unix-based hosts to work together and share file and print services with multiplatform devices on a common network, including SMB file-sharing. Gaining the ability to execute remote code as a root user means that an attacker would be able to read, modify or delete any files on the system, enumerate users, install malware (such as cryptominers or ransomware) and pivot further into a corporate network.


The bug (CVE-2021-44142) specifically is an out-of-bounds heap read/write vulnerability in the VFS module called “vfs_fruit.” It affects all versions of Samba prior to 4.13.17, and carries a score of 9.9 out of 10 on the CVSS vulnerability-severity scale. In addition, some Samba-supporting Red Hat, SUSE Linux and Ubuntu packages are also affected.

‘Fruits’ of an Attacker’s Labor

The “fruit” module is used to provide “enhanced compatibility with Apple SMB clientele and interoperability with a Netatalk 3 AFP fileserver,” via the use of extended file attributes (EA), according to the project's documentation.

“The certain flaw exists inside of the parsing of EA metadata when opening files in smbd [i.e., the server daemon that provides filesharing and printing services to Windows clients],” according to a Monday advisory from Samba. “The dilemma in vfs_fruit exists in the default configuration of the fruit VFS module working with [specific modules] fruit:metadata=netatalk or fruit:resource=file.”

There are two caveats to exploitability: If the VFS module has different settings than the default values, the system is not affected by the security issue, according to Samba.

Also, the attacker must have write access to a file’s extended attributes for successful exploitation.

However, “this could be a guest or unauthenticated person if such customers are permitted publish accessibility to file extended attributes,” the organization warned.

Samba credited Orange Tsai from DEVCORE with discovering the bug.

How to Mitigate CVE-2021-44142

Samba 4.13.17, 4.14.12 and 4.15.5 are the patched versions; administrators are urged to upgrade to these releases as soon as possible.

There is also a workaround available, according to the organization, which involves removing the “fruit” module from the list of VFS objects in Samba configuration files: “Remove the ‘fruit’ VFS module from the record of configured VFS objects in any ‘vfs objects’ line in the Samba configuration smb.conf.”

Admins could also conceivably change the default settings for the fruit:metadata or fruit:resource options, but Samba warned that this would result in “all stored facts to be inaccessible and will make it surface to macOS customers as if the info is dropped.”
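A sketch of how an administrator could audit a host against the conditions described above; this is an added example, not code from Samba or from the original article. It assumes an smb.conf without `include` directives or line continuations, and compares upstream version strings only; the function names and the sample configuration are constructed for illustration.

```python
import re

PATCHED = {(4, 13): 17, (4, 14): 12, (4, 15): 5}   # fixed releases named in the article
DEFAULTS = {"fruit:metadata": "netatalk", "fruit:resource": "file"}  # affected defaults

def is_patched(version):
    """True if an upstream Samba version string is at or past a fixed release."""
    major, minor, patch = map(int, re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    if (major, minor) in PATCHED:
        return patch >= PATCHED[(major, minor)]
    return (major, minor) > max(PATCHED)   # older branches are not listed as fixed

def parse_smb_conf(text):
    """Return {section: {param: value}} with names lowercased and spaces collapsed."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def exposed_shares(text):
    """Shares that load vfs_fruit while an affected default is still in effect."""
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    hits = []
    for name, params in conf.items():
        eff = {**glob, **params}                 # share settings override [global]
        loads_fruit = "fruit" in re.split(r"[\s,]+", eff.get("vfs objects", "").lower())
        if loads_fruit and any(eff.get(k, d).lower() == d for k, d in DEFAULTS.items()):
            hits.append(name)
    return hits

# Constructed sample configuration (not from the article).
SAMPLE = """
[global]
   vfs objects = catia fruit streams_xattr
[timemachine]
   path = /srv/tm
[scans]
   vfs objects = acl_xattr
[legacy]
   fruit:metadata = stream
   fruit:resource = xattr
"""
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm the `is_patched` result against the vendor's own advisory for Red Hat, SUSE or Ubuntu builds.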

“The first issue enterprises will need to do is implement the ideal patches to recognized Samba installations, but these styles of vulnerabilities are extra difficult to totally mitigate than it may feel,” said Greg Fitzgerald, co-founder, Sevco Security, via email. “Even when all acknowledged situations are correctly patched, that nevertheless leaves forgotten or abandoned scenarios susceptible. Every organization has IT belongings that have fallen by way of the cracks.”

He added, “It’s gotten to the issue where by attackers are generally additional acquainted with the networks they’re targeting than the security groups in charge of safeguarding these networks. It only normally takes a single unpatched occasion to build an option for malicious actors to hit paydirt, and they’re counting on the fact that IT and security teams just can’t create a thorough and correct IT asset stock.”



Some parts of this article are sourced from:
threatpost.com
