Bug 2046146 (CVE-2021-44142) - CVE-2021-44142 samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution
Summary: CVE-2021-44142 samba: Out-of-bounds heap read/write vulnerability in VFS modu...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-44142
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2046148 2046149 2046150 2046151 2046152 2046153 2046154 2046216 2048570 2051805 2051806 2051807 2051808
Blocks: 2046121
TreeView+ depends on / blocked
 
Reported: 2022-01-26 10:16 UTC by Huzaifa S. Sidhpurwala
Modified: 2024-05-13 17:15 UTC (History)
26 users (show)

Fixed In Version: samba 4.13.17, samba 4.14.12, samba 4.15.4
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds heap read write vulnerability was found in Samba. Due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module (vfs_fruit), a remote attacker with ability to write to file's extended attributes can trigger an out-of-bounds write and execute arbitrary code with root privileges.
Clone Of:
Environment:
Last Closed: 2022-02-07 18:13:21 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:0417 0 None None None 2022-02-03 09:38:41 UTC
Red Hat Product Errata RHBA-2022:0419 0 None None None 2022-02-03 09:40:48 UTC
Red Hat Product Errata RHBA-2022:0424 0 None None None 2022-02-03 12:46:51 UTC
Red Hat Product Errata RHBA-2022:0425 0 None None None 2022-02-03 12:42:15 UTC
Red Hat Product Errata RHBA-2022:0433 0 None None None 2022-02-03 17:01:49 UTC
Red Hat Product Errata RHSA-2022:0328 0 None None None 2022-01-31 16:55:50 UTC
Red Hat Product Errata RHSA-2022:0329 0 None Closed [bug] Router doesn't show anymore in 'ovn-nbctl' 2022-04-19 08:31:43 UTC
Red Hat Product Errata RHSA-2022:0330 0 None None None 2022-01-31 16:21:42 UTC
Red Hat Product Errata RHSA-2022:0331 0 None None None 2022-01-31 16:39:01 UTC
Red Hat Product Errata RHSA-2022:0332 0 None None None 2022-01-31 16:36:55 UTC
Red Hat Product Errata RHSA-2022:0457 0 None None None 2022-02-07 17:41:31 UTC
Red Hat Product Errata RHSA-2022:0458 0 None None None 2022-02-07 17:42:10 UTC
Red Hat Product Errata RHSA-2022:0663 0 None None None 2022-02-23 20:02:43 UTC
Red Hat Product Errata RHSA-2022:0664 0 None None None 2022-02-23 20:01:55 UTC
Samba Project 14914 0 None None None 2022-01-31 15:20:29 UTC

Description Huzaifa S. Sidhpurwala 2022-01-26 10:16:31 UTC
As per samba upstream advisory:

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.

The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.

The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue.

Comment 5 Huzaifa S. Sidhpurwala 2022-01-31 14:24:56 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2048570]

Comment 6 errata-xmlrpc 2022-01-31 16:02:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0329 https://access.redhat.com/errata/RHSA-2022:0329

Comment 7 errata-xmlrpc 2022-01-31 16:21:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0330 https://access.redhat.com/errata/RHSA-2022:0330

Comment 8 errata-xmlrpc 2022-01-31 16:36:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0332 https://access.redhat.com/errata/RHSA-2022:0332

Comment 9 errata-xmlrpc 2022-01-31 16:38:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0331 https://access.redhat.com/errata/RHSA-2022:0331

Comment 10 errata-xmlrpc 2022-01-31 16:55:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0328 https://access.redhat.com/errata/RHSA-2022:0328

Comment 11 Pat Riehecky 2022-02-01 14:22:39 UTC
Do we have an ETA for the fix in CentOS Stream8 and CentOS Stream9?

Comment 14 errata-xmlrpc 2022-02-07 17:41:28 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.5 for RHEL 7

Via RHSA-2022:0457 https://access.redhat.com/errata/RHSA-2022:0457

Comment 15 errata-xmlrpc 2022-02-07 17:42:07 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.5 for RHEL 8

Via RHSA-2022:0458 https://access.redhat.com/errata/RHSA-2022:0458

Comment 16 Product Security DevOps Team 2022-02-07 18:13:19 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-44142

Comment 23 errata-xmlrpc 2022-02-23 20:01:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2022:0664 https://access.redhat.com/errata/RHSA-2022:0664

Comment 24 errata-xmlrpc 2022-02-23 20:02:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2022:0663 https://access.redhat.com/errata/RHSA-2022:0663


Note You need to log in before you can comment on or make changes to this bug.