The Samba vfs_fruit module uses extended file attributes (EA, xattr) to
provide “…enhanced compatibility with Apple SMB clients and
interoperability with a Netatalk 3 AFP fileserver.” Samba versions prior to
4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds
heap read and write via specially crafted extended file attributes. A
remote attacker with write access to extended file attributes can execute
arbitrary code with the privileges of smbd, typically root.

Bugs

<https://bugzilla.samba.org/show_bug.cgi?id=14914>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsamba< 2:4.7.6+dfsg~ubuntu-0ubuntu2.28UNKNOWN
ubuntu20.04noarchsamba< 2:4.13.17~dfsg-0ubuntu0.21.04.1UNKNOWN
ubuntu21.10noarchsamba< 2:4.13.17~dfsg-0ubuntu0.21.10.1UNKNOWN
ubuntu22.04noarchsamba< 4.13.17~dfsg-0ubuntu1UNKNOWN
ubuntu14.04noarchsamba< 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12UNKNOWN
ubuntu16.04noarchsamba< 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	samba	< 2:4.7.6+dfsg~ubuntu-0ubuntu2.28	UNKNOWN
ubuntu	20.04	noarch	samba	< 2:4.13.17~dfsg-0ubuntu0.21.04.1	UNKNOWN
ubuntu	21.10	noarch	samba	< 2:4.13.17~dfsg-0ubuntu0.21.10.1	UNKNOWN
ubuntu	22.04	noarch	samba	< 4.13.17~dfsg-0ubuntu1	UNKNOWN
ubuntu	14.04	noarch	samba	< 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm12	UNKNOWN
ubuntu	16.04	noarch	samba	< 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2021-44142

nvd.nist.gov/vuln/detail/CVE-2021-44142

security-tracker.debian.org/tracker/CVE-2021-44142

ubuntu.com/security/notices/USN-5260-1

ubuntu.com/security/notices/USN-5260-2

ubuntu.com/security/notices/USN-5260-3

www.cve.org/CVERecord?id=CVE-2021-44142

www.samba.org/samba/security/CVE-2021-44142.html

nessus 45

ibm 6

openvas 41

paloalto 1

rocky 2

cbl_mariner 1

oraclelinux 2

cvelist 1

redhat 9

osv 5

zdi 3

cloudfoundry 1

veracode 1

githubexploit 3

alpinelinux 1

samba 1

cve 1

cert 1

redhatcve 1

ubuntu 2

prion 1

threatpost 1

debiancve 1

f5 1

trendmicroblog 1

almalinux 1

centos 1

altlinux 1

kaspersky 1

fedora 2

thn 1

amazon 2

malwarebytes 1

redos 1

cisa 1

debian 1

freebsd 1

mageia 1

gentoo 1

nessus

AlmaLinux 8 : samba (ALSA-2022:0332)

2022-03-11 00:00:00

RHEL 8 : samba (RHSA-2022:0330)

2022-02-01 00:00:00

RHEL 7 : samba (RHSA-2022:0457)

2022-02-08 00:00:00

ibm

Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to arbitrary code execution (CVE-2021-44142).

2022-02-25 13:06:29

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142)

2022-05-12 15:40:58

Security Bulletin: IBM Cloud Pak for Data System 2.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-25 05:40:33

openvas

Ubuntu: Security Advisory (USN-5260-3)

2022-08-26 00:00:00

Synology DiskStation Manager (DSM) 6.2.x < 6.2.4-25556-4 Samba Vulnerability (Synology-SA-22:02) - Remote Known Vulnerable Versions Check

2022-11-18 00:00:00

Samba RCE Vulnerability (CVE-2021-44142)

2022-02-01 00:00:00

paloalto

Informational: Impact of the Samba Vulnerability CVE-2021-44142 on PAN-OS

2022-03-09 17:00:00

rocky

samba security and bug fix update

2022-02-01 03:32:27

samba security and bug fix update

2022-01-31 15:40:41

cbl_mariner

CVE-2021-44142 affecting package samba 4.12.5-6

2024-06-02 15:22:43

oraclelinux

samba security and bug fix update

2022-02-01 00:00:00

samba security and bug fix update

2022-02-01 00:00:00

cvelist

CVE-2021-44142

2022-02-21 00:00:00

redhat

(RHSA-2022:0458) Critical: samba security update

2022-02-07 17:28:27

(RHSA-2022:0329) Critical: samba security update

2022-01-31 15:40:22

(RHSA-2022:0664) Critical: samba security update

2022-02-23 18:48:48

osv

CVE-2021-44142

2022-02-21 15:15:07

samba vulnerability

2022-02-03 11:36:38

samba vulnerability

2022-02-01 11:56:09

zdi

Samba AppleDouble Entry Heap-based Buffer Overflow Remote Code Execution Vulnerability

2022-02-01 00:00:00

(Pwn2Own) Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability

2022-02-01 00:00:00

(Pwn2Own) Samba fruit_pread Out-Of-Bounds Read Information Disclosure Vulnerability

2022-02-01 00:00:00

cloudfoundry

USN-5260-2: Samba vulnerability | Cloud Foundry

2022-03-10 00:00:00

veracode

Remote Code Execution (RCE)

2022-02-03 11:21:59

githubexploit

Exploit for Out-of-bounds Read in Samba

2022-04-22 04:46:54

Exploit for Out-of-bounds Write in Samba

2022-03-29 19:03:38

Exploit for Out-of-bounds Write in Samba

2022-03-29 17:32:25

alpinelinux

CVE-2021-44142

2022-02-21 15:15:00

samba

Out-of-bounds heap read/write vulnerability

2022-01-31 00:00:00

cve

CVE-2021-44142

2022-02-21 15:15:00

cert

Samba vfs_fruit module insecurely handles extended file attributes

2022-01-31 00:00:00

redhatcve

CVE-2021-44142

2022-01-31 15:06:30

ubuntu

Samba vulnerability

2022-02-03 00:00:00

Samba vulnerability

2022-02-01 00:00:00

prion

Heap overflow

2022-02-21 15:15:00

threatpost

Samba 'Fruit' Bug Allows RCE, Full Root User Access

2022-02-01 20:02:02

debiancve

CVE-2021-44142

2022-02-21 15:15:00

K84695749 : Samba vulnerability CVE-2021-44142

2022-02-02 00:00:00

trendmicroblog

The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It

2022-02-02 00:00:00

almalinux

Critical: samba security and bug fix update

2022-01-31 15:40:41

centos

ctdb, libsmbclient, libwbclient, samba security update

2022-02-01 18:03:11

altlinux

Security fix for the ALT Linux 10 package samba version 4.14.12-alt1

2022-02-09 00:00:00

kaspersky

KLA12439 Multiple vulnerabilities in Samba

2022-01-31 00:00:00

fedora

[SECURITY] Fedora 34 Update: samba-4.14.12-0.fc34

2022-02-03 01:12:33

[SECURITY] Fedora 35 Update: samba-4.15.5-0.fc35

2022-02-02 01:26:36

thn

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

2022-02-01 04:16:00

amazon

Critical: samba

2022-02-03 19:29:00

Critical: samba

2022-02-10 21:59:00

malwarebytes

Samba patches critical vulnerability that allows remote code execution as root

2022-02-01 15:22:52

redos

ROS-20220208-01

2022-02-08 00:00:00

cisa

Samba Releases Security Updates

2022-02-01 00:00:00

debian

[SECURITY] [DSA 5071-1] samba security update

2022-02-11 15:11:29

freebsd

samba -- Multiple Vulnerabilities

2022-01-31 00:00:00

mageia

Updated samba packages fix security vulnerability

2022-02-09 23:46:00

gentoo

Samba: Multiple Vulnerabilities

2023-09-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.18 Low

EPSS

Percentile

96.2%

JSON

Related for UB:CVE-2021-44142