The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide “…enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.” Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

CPENameOperatorVersion
ubuntu_linuxeq18.04
ubuntu_linuxeq14.04
ubuntu_linuxeq20.04
ubuntu_linuxeq16.04
ubuntu_linuxeq21.10
debian_linuxeq10.0
debian_linuxeq11.0
fedoraeq34
fedoraeq35
enterprise_linuxeq7.0

Name	Operator	Version
ubuntu_linux	eq	18.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	20.04
ubuntu_linux	eq	16.04
ubuntu_linux	eq	21.10
debian_linux	eq	10.0
debian_linux	eq	11.0
fedora	eq	34
fedora	eq	35
enterprise_linux	eq	7.0

Rows per page:

1-10 of 441

References

bugzilla.samba.org/show_bug.cgi?id=14914

kb.cert.org/vuls/id/119678

security.gentoo.org/glsa/202309-06

www.samba.org/samba/security/CVE-2021-44142.html

www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin

ubuntucve 1

zdi 3

nessus 54

ubuntu 3

cert 1

samba 1

redhatcve 1

redhat 9

cve 1

oraclelinux 2

ibm 6

openvas 41

nvd 1

osv 7

suse 3

cvelist 1

rocky 2

paloalto 1

cbl_mariner 1

threatpost 1

f5 1

debiancve 1

trendmicroblog 1

githubexploit 3

veracode 1

alpinelinux 1

cloudfoundry 1

almalinux 1

centos 1

kaspersky 1

altlinux 1

fedora 2

thn 1

malwarebytes 1

amazon 2

debian 1

redos 1

cisa 1

freebsd 1

mageia 1

gentoo 1

ubuntucve

CVE-2021-44142

2022-01-31 00:00:00

zdi

(Pwn2Own) Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability

2022-02-01 00:00:00

(Pwn2Own) Samba fruit_pread Out-Of-Bounds Read Information Disclosure Vulnerability

2022-02-01 00:00:00

Samba AppleDouble Entry Heap-based Buffer Overflow Remote Code Execution Vulnerability

2022-02-01 00:00:00

nessus

SUSE SLES15 Security Update : samba (SUSE-SU-2022:0251-1)

2022-03-25 00:00:00

Ubuntu 18.04 LTS : Samba vulnerability (USN-5260-2)

2022-02-01 00:00:00

RHEL 7 : samba (RHSA-2022:0328)

2022-02-01 00:00:00

ubuntu

Samba vulnerability

2022-02-03 00:00:00

Samba vulnerability

2022-02-01 00:00:00

Samba vulnerabilities

2022-02-01 00:00:00

cert

Samba vfs_fruit module insecurely handles extended file attributes

2022-01-31 00:00:00

samba

Out-of-bounds heap read/write vulnerability

2022-01-31 00:00:00

redhatcve

CVE-2021-44142

2022-01-31 15:06:30

redhat

(RHSA-2022:0330) Critical: samba security update

2022-01-31 15:40:27

(RHSA-2022:0663) Critical: samba security update

2022-02-23 18:47:36

(RHSA-2022:0458) Critical: samba security update

2022-02-07 17:28:27

cve

CVE-2021-44142

2022-02-21 15:15:07

oraclelinux

samba security and bug fix update

2022-02-01 00:00:00

samba security and bug fix update

2022-02-01 00:00:00

ibm

Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-16 17:09:07

Security Bulletin: IBM Cloud Pak for Data System 2.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-25 05:40:33

Security Bulletin: Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System [CVE-2021-44142]

2023-03-31 14:46:30

openvas

SUSE: Security Advisory (SUSE-SU-2022:0284-1)

2022-02-03 00:00:00

openSUSE: Security Advisory for samba (openSUSE-SU-2022:0287-1)

2022-02-08 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0252-1)

2022-02-03 00:00:00

nvd

CVE-2021-44142

2022-02-21 15:15:07

osv

samba - security update

2022-02-11 00:00:00

samba vulnerability

2022-02-01 11:56:09

CVE-2021-44142

2022-02-21 15:15:07

suse

Security update for samba (critical)

2022-02-01 00:00:00

Security update for samba (critical)

2022-02-01 00:00:00

Security update for samba (important)

2022-02-01 00:00:00

cvelist

CVE-2021-44142

2022-02-21 00:00:00

rocky

samba security and bug fix update

2022-02-01 03:32:27

samba security and bug fix update

2022-01-31 15:40:41

paloalto

Informational: Impact of the Samba Vulnerability CVE-2021-44142 on PAN-OS

2022-03-09 17:00:00

cbl_mariner

CVE-2021-44142 affecting package samba 4.12.5-6

2024-07-05 21:08:40

threatpost

Samba 'Fruit' Bug Allows RCE, Full Root User Access

2022-02-01 20:02:02

K84695749 : Samba vulnerability CVE-2021-44142

2022-02-02 00:00:00

debiancve

CVE-2021-44142

2022-02-21 15:15:07

trendmicroblog

The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It

2022-02-02 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Samba

2022-03-29 17:32:25

Exploit for Out-of-bounds Read in Samba

2022-04-22 04:46:54

Exploit for Out-of-bounds Write in Samba

2022-03-29 19:03:38

veracode

Remote Code Execution (RCE)

2022-02-03 11:21:59

alpinelinux

CVE-2021-44142

2022-02-21 15:15:07

cloudfoundry

USN-5260-2: Samba vulnerability | Cloud Foundry

2022-03-10 00:00:00

almalinux

Critical: samba security and bug fix update

2022-01-31 15:40:41

centos

ctdb, libsmbclient, libwbclient, samba security update

2022-02-01 18:03:11

kaspersky

KLA12439 Multiple vulnerabilities in Samba

2022-01-31 00:00:00

altlinux

Security fix for the ALT Linux 10 package samba version 4.14.12-alt1

2022-02-09 00:00:00

fedora

[SECURITY] Fedora 34 Update: samba-4.14.12-0.fc34

2022-02-03 01:12:33

[SECURITY] Fedora 35 Update: samba-4.15.5-0.fc35

2022-02-02 01:26:36

thn

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

2022-02-01 04:16:00

malwarebytes

Samba patches critical vulnerability that allows remote code execution as root

2022-02-01 15:22:52

amazon

Critical: samba

2022-02-03 19:29:00

Critical: samba

2022-02-10 21:59:00

debian

[SECURITY] [DSA 5071-1] samba security update

2022-02-11 15:11:29

redos

ROS-20220208-01

2022-02-08 00:00:00

cisa

Samba Releases Security Updates

2022-02-01 00:00:00

freebsd

samba -- Multiple Vulnerabilities

2022-01-31 00:00:00

mageia

Updated samba packages fix security vulnerability

2022-02-09 23:46:00

gentoo

Samba: Multiple Vulnerabilities

2023-09-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

AI Score

Confidence

High

0.18 Low

EPSS

Percentile

96.2%

JSON

Related for PRION:CVE-2021-44142