The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide “…enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.” Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Vulnerability scanners that report based on installed package versions alone may erroneously flag systems as vulnerable, contrary to this advisory: the libraries are included in the F5 software distribution but are not used in a way that makes the product vulnerable.
In such cases, this advisory takes precedence.
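The condition in the description has two parts, an unpatched Samba version and vfs_fruit being configured, which is why a version-only scanner finding can be wrong. As an added example (not part of this advisory and not F5 or Samba project code), the Python check below tests both parts on a generic Samba host; the function names and the sample smb.conf are constructed for illustration, and files pulled in through `include` directives are not followed.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED_PATCH = {(4, 13): 17, (4, 14): 12, (4, 15): 5}

def version_affected(version):
    """True if the version is prior to the fixed release for its branch."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED_PATCH:
        return patch < FIXED_PATCH[(major, minor)]
    return (major, minor) < (4, 13)  # branches older than 4.13 are "prior to" the fix

def fruit_sections(conf_text):
    """Return smb.conf sections whose 'vfs objects' setting loads fruit."""
    loads_fruit, section = {}, "(no section)"
    text = re.sub(r"\\\r?\n", "", conf_text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        # Parameter names ignore case and whitespace; 'vfs object' is a synonym.
        if sep and re.sub(r"\s+", "", key).lower() in ("vfsobjects", "vfsobject"):
            modules = [tok.split(":")[0] for tok in value.split()]  # module[:instance]
            loads_fruit[section] = "fruit" in modules  # last setting in a section wins
    return [name for name, hit in loads_fruit.items() if hit]

def exposed_sections(version, conf_text):
    """Sections meeting both conditions: affected version and fruit loaded."""
    return fruit_sections(conf_text) if version_affected(version) else []

# Constructed sample configuration, not taken from any real system.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
[timemachine]
   path = /srv/tm
   vfs objects = catia fruit streams_xattr
[public]
   path = /srv/pub
   VFS Objects = acl_xattr
"""

if __name__ == "__main__":
    print(exposed_sections("4.15.4", SAMPLE_CONF))
```

A hit in `[global]` applies to every share that does not set its own `vfs objects`, so treat it as covering the whole server.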