openEuler update for samba



Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-44142
CWE-ID CWE-787
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
 openEuler
Operating systems & Components / Operating system

samba-vfs-glusterfs
Operating systems & Components / Operating system package or component

samba-pidl
Operating systems & Components / Operating system package or component

libsmbclient-devel
Operating systems & Components / Operating system package or component

samba-debugsource
Operating systems & Components / Operating system package or component

python3-samba-test
Operating systems & Components / Operating system package or component

samba-client
Operating systems & Components / Operating system package or component

samba-dc-provision
Operating systems & Components / Operating system package or component

libsmbclient
Operating systems & Components / Operating system package or component

samba-test
Operating systems & Components / Operating system package or component

samba-dc
Operating systems & Components / Operating system package or component

libwbclient-devel
Operating systems & Components / Operating system package or component

ctdb
Operating systems & Components / Operating system package or component

samba-debuginfo
Operating systems & Components / Operating system package or component

samba-dc-bind-dlz
Operating systems & Components / Operating system package or component

python3-samba-dc
Operating systems & Components / Operating system package or component

samba-help
Operating systems & Components / Operating system package or component

samba-winbind-clients
Operating systems & Components / Operating system package or component

samba-common-tools
Operating systems & Components / Operating system package or component

samba-devel
Operating systems & Components / Operating system package or component

ctdb-tests
Operating systems & Components / Operating system package or component

samba-winbind-krb5-locator
Operating systems & Components / Operating system package or component

samba-libs
Operating systems & Components / Operating system package or component

samba-winbind-modules
Operating systems & Components / Operating system package or component

samba-winbind
Operating systems & Components / Operating system package or component

libwbclient
Operating systems & Components / Operating system package or component

samba-common
Operating systems & Components / Operating system package or component

python3-samba
Operating systems & Components / Operating system package or component

samba-krb5-printing
Operating systems & Components / Operating system package or component

samba
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Out-of-bounds write

EUVDB-ID: #VU60186

Risk: High

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Amber]

CVE-ID: CVE-2021-44142

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module (vfs_fruit). A remote attacker with ability to write to file's extended attributes can trigger an out-of-bounds write and execute arbitrary code with root privileges.

Note, the vulnerability in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 20.03 LTS SP3

samba-vfs-glusterfs: before 4.11.12-10

samba-pidl: before 4.11.12-10

libsmbclient-devel: before 4.11.12-10

samba-debugsource: before 4.11.12-10

python3-samba-test: before 4.11.12-10

samba-client: before 4.11.12-10

samba-dc-provision: before 4.11.12-10

libsmbclient: before 4.11.12-10

samba-test: before 4.11.12-10

samba-dc: before 4.11.12-10

libwbclient-devel: before 4.11.12-10

ctdb: before 4.11.12-10

samba-debuginfo: before 4.11.12-10

samba-dc-bind-dlz: before 4.11.12-10

python3-samba-dc: before 4.11.12-10

samba-help: before 4.11.12-10

samba-winbind-clients: before 4.11.12-10

samba-common-tools: before 4.11.12-10

samba-devel: before 4.11.12-10

ctdb-tests: before 4.11.12-10

samba-winbind-krb5-locator: before 4.11.12-10

samba-libs: before 4.11.12-10

samba-winbind-modules: before 4.11.12-10

samba-winbind: before 4.11.12-10

libwbclient: before 4.11.12-10

samba-common: before 4.11.12-10

python3-samba: before 4.11.12-10

samba-krb5-printing: before 4.11.12-10

samba: before 4.11.12-10

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1524


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###