The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide “…enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.” Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)

Impact

There is no impact; F5 products are not affected by this vulnerability.

Vulnerability scanners reporting based on installed package versions alone may erroneously report systems as vulnerable, contrary to this advisory, as the libraries are included in the F5 software distribution, but not used in a way which makes the product vulnerable.

In such cases, this advisory takes precedence.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq14.1.2
f5 ssl orchestratoreq14.1.4
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.1.0
f5 ssl orchestratoreq16.1.1
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	14.1.2
f5 ssl orchestrator	eq	14.1.4
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.1.0
f5 ssl orchestrator	eq	16.1.1
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3

Rows per page:

1-10 of 3031

oraclelinux 2

nessus 54

ibm 6

openvas 41

nvd 1

osv 7

suse 3

cvelist 1

redhat 9

ubuntucve 1

zdi 3

prion 1

ubuntu 3

cert 1

samba 1

redhatcve 1

cve 1

rocky 2

paloalto 1

cbl_mariner 1

threatpost 1

debiancve 1

trendmicroblog 1

githubexploit 3

alpinelinux 1

veracode 1

cloudfoundry 1

almalinux 1

centos 1

kaspersky 1

altlinux 1

fedora 2

thn 1

malwarebytes 1

amazon 2

debian 1

redos 1

cisa 1

freebsd 1

mageia 1

gentoo 1

oraclelinux

samba security and bug fix update

2022-02-01 00:00:00

samba security and bug fix update

2022-02-01 00:00:00

nessus

RHEL 7 : samba (RHSA-2022:0328)

2022-02-01 00:00:00

Oracle Linux 8 : samba (ELSA-2022-0332)

2022-02-01 00:00:00

RHEL 8 : samba (RHSA-2022:0331)

2022-02-01 00:00:00

ibm

Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-16 17:09:07

Security Bulletin: IBM Cloud Pak for Data System 2.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-25 05:40:33

Security Bulletin: Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System [CVE-2021-44142]

2023-03-31 14:46:30

openvas

SUSE: Security Advisory (SUSE-SU-2022:0284-1)

2022-02-03 00:00:00

openSUSE: Security Advisory for samba (openSUSE-SU-2022:0287-1)

2022-02-08 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0252-1)

2022-02-03 00:00:00

nvd

CVE-2021-44142

2022-02-21 15:15:07

osv

samba - security update

2022-02-11 00:00:00

samba vulnerability

2022-02-01 11:56:09

CVE-2021-44142

2022-02-21 15:15:07

suse

Security update for samba (critical)

2022-02-01 00:00:00

Security update for samba (critical)

2022-02-01 00:00:00

Security update for samba (important)

2022-02-01 00:00:00

cvelist

CVE-2021-44142

2022-02-21 00:00:00

redhat

(RHSA-2022:0458) Critical: samba security update

2022-02-07 17:28:27

(RHSA-2022:0330) Critical: samba security update

2022-01-31 15:40:27

(RHSA-2022:0663) Critical: samba security update

2022-02-23 18:47:36

ubuntucve

CVE-2021-44142

2022-01-31 00:00:00

zdi

(Pwn2Own) Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability

2022-02-01 00:00:00

(Pwn2Own) Samba fruit_pread Out-Of-Bounds Read Information Disclosure Vulnerability

2022-02-01 00:00:00

Samba AppleDouble Entry Heap-based Buffer Overflow Remote Code Execution Vulnerability

2022-02-01 00:00:00

prion

Heap overflow

2022-02-21 15:15:00

ubuntu

Samba vulnerability

2022-02-03 00:00:00

Samba vulnerability

2022-02-01 00:00:00

Samba vulnerabilities

2022-02-01 00:00:00

cert

Samba vfs_fruit module insecurely handles extended file attributes

2022-01-31 00:00:00

samba

Out-of-bounds heap read/write vulnerability

2022-01-31 00:00:00

redhatcve

CVE-2021-44142

2022-01-31 15:06:30

cve

CVE-2021-44142

2022-02-21 15:15:07

rocky

samba security and bug fix update

2022-02-01 03:32:27

samba security and bug fix update

2022-01-31 15:40:41

paloalto

Informational: Impact of the Samba Vulnerability CVE-2021-44142 on PAN-OS

2022-03-09 17:00:00

cbl_mariner

CVE-2021-44142 affecting package samba 4.12.5-6

2024-07-05 21:08:40

threatpost

Samba 'Fruit' Bug Allows RCE, Full Root User Access

2022-02-01 20:02:02

debiancve

CVE-2021-44142

2022-02-21 15:15:07

trendmicroblog

The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It

2022-02-02 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Samba

2022-03-29 17:32:25

Exploit for Out-of-bounds Read in Samba

2022-04-22 04:46:54

Exploit for Out-of-bounds Write in Samba

2022-03-29 19:03:38

alpinelinux

CVE-2021-44142

2022-02-21 15:15:07

veracode

Remote Code Execution (RCE)

2022-02-03 11:21:59

cloudfoundry

USN-5260-2: Samba vulnerability | Cloud Foundry

2022-03-10 00:00:00

almalinux

Critical: samba security and bug fix update

2022-01-31 15:40:41

centos

ctdb, libsmbclient, libwbclient, samba security update

2022-02-01 18:03:11

kaspersky

KLA12439 Multiple vulnerabilities in Samba

2022-01-31 00:00:00

altlinux

Security fix for the ALT Linux 10 package samba version 4.14.12-alt1

2022-02-09 00:00:00

fedora

[SECURITY] Fedora 34 Update: samba-4.14.12-0.fc34

2022-02-03 01:12:33

[SECURITY] Fedora 35 Update: samba-4.15.5-0.fc35

2022-02-02 01:26:36

thn

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

2022-02-01 04:16:00

malwarebytes

Samba patches critical vulnerability that allows remote code execution as root

2022-02-01 15:22:52

amazon

Critical: samba

2022-02-03 19:29:00

Critical: samba

2022-02-10 21:59:00

debian

[SECURITY] [DSA 5071-1] samba security update

2022-02-11 15:11:29

redos

ROS-20220208-01

2022-02-08 00:00:00

cisa

Samba Releases Security Updates

2022-02-01 00:00:00

freebsd

samba -- Multiple Vulnerabilities

2022-01-31 00:00:00

mageia

Updated samba packages fix security vulnerability

2022-02-09 23:46:00

gentoo

Samba: Multiple Vulnerabilities

2023-09-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

AI Score

Confidence

High

0.18 Low

EPSS

Percentile

96.2%

JSON

Related for F5:K84695749