This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of AppleDouble entries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.

References

www.samba.org/samba/security/CVE-2021-44142.html

oraclelinux 2

nessus 54

ibm 6

openvas 41

nvd 1

osv 7

suse 3

cvelist 1

redhat 9

ubuntucve 1

zdi 2

prion 1

ubuntu 3

cert 1

samba 1

redhatcve 1

cve 1

paloalto 1

rocky 2

cbl_mariner 1

threatpost 1

f5 1

debiancve 1

trendmicroblog 1

githubexploit 3

alpinelinux 1

veracode 1

cloudfoundry 1

almalinux 1

centos 1

kaspersky 1

altlinux 1

thn 1

malwarebytes 1

amazon 2

debian 1

fedora 2

redos 1

cisa 1

freebsd 1

mageia 1

gentoo 1

oraclelinux

samba security and bug fix update

2022-02-01 00:00:00

samba security and bug fix update

2022-02-01 00:00:00

nessus

RHEL 7 : samba (RHSA-2022:0328)

2022-02-01 00:00:00

Oracle Linux 8 : samba (ELSA-2022-0332)

2022-02-01 00:00:00

RHEL 8 : samba (RHSA-2022:0331)

2022-02-01 00:00:00

ibm

Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-16 17:09:07

Security Bulletin: IBM Cloud Pak for Data System 2.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-25 05:40:33

Security Bulletin: Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System [CVE-2021-44142]

2023-03-31 14:46:30

openvas

SUSE: Security Advisory (SUSE-SU-2022:0284-1)

2022-02-03 00:00:00

openSUSE: Security Advisory for samba (openSUSE-SU-2022:0287-1)

2022-02-08 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0252-1)

2022-02-03 00:00:00

nvd

CVE-2021-44142

2022-02-21 15:15:07

osv

samba - security update

2022-02-11 00:00:00

samba vulnerability

2022-02-01 11:56:09

CVE-2021-44142

2022-02-21 15:15:07

suse

Security update for samba (critical)

2022-02-01 00:00:00

Security update for samba (critical)

2022-02-01 00:00:00

Security update for samba (important)

2022-02-01 00:00:00

cvelist

CVE-2021-44142

2022-02-21 00:00:00

redhat

(RHSA-2022:0458) Critical: samba security update

2022-02-07 17:28:27

(RHSA-2022:0330) Critical: samba security update

2022-01-31 15:40:27

(RHSA-2022:0663) Critical: samba security update

2022-02-23 18:47:36

ubuntucve

CVE-2021-44142

2022-01-31 00:00:00

zdi

(Pwn2Own) Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability

2022-02-01 00:00:00

(Pwn2Own) Samba fruit_pread Out-Of-Bounds Read Information Disclosure Vulnerability

2022-02-01 00:00:00

prion

Heap overflow

2022-02-21 15:15:00

ubuntu

Samba vulnerability

2022-02-03 00:00:00

Samba vulnerability

2022-02-01 00:00:00

Samba vulnerabilities

2022-02-01 00:00:00

cert

Samba vfs_fruit module insecurely handles extended file attributes

2022-01-31 00:00:00

samba

Out-of-bounds heap read/write vulnerability

2022-01-31 00:00:00

redhatcve

CVE-2021-44142

2022-01-31 15:06:30

cve

CVE-2021-44142

2022-02-21 15:15:07

paloalto

Informational: Impact of the Samba Vulnerability CVE-2021-44142 on PAN-OS

2022-03-09 17:00:00

rocky

samba security and bug fix update

2022-02-01 03:32:27

samba security and bug fix update

2022-01-31 15:40:41

cbl_mariner

CVE-2021-44142 affecting package samba 4.12.5-6

2024-07-05 21:08:40

threatpost

Samba 'Fruit' Bug Allows RCE, Full Root User Access

2022-02-01 20:02:02

K84695749 : Samba vulnerability CVE-2021-44142

2022-02-02 00:00:00

debiancve

CVE-2021-44142

2022-02-21 15:15:07

trendmicroblog

The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It

2022-02-02 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Samba

2022-03-29 17:32:25

Exploit for Out-of-bounds Read in Samba

2022-04-22 04:46:54

Exploit for Out-of-bounds Write in Samba

2022-03-29 19:03:38

alpinelinux

CVE-2021-44142

2022-02-21 15:15:07

veracode

Remote Code Execution (RCE)

2022-02-03 11:21:59

cloudfoundry

USN-5260-2: Samba vulnerability | Cloud Foundry

2022-03-10 00:00:00

almalinux

Critical: samba security and bug fix update

2022-01-31 15:40:41

centos

ctdb, libsmbclient, libwbclient, samba security update

2022-02-01 18:03:11

kaspersky

KLA12439 Multiple vulnerabilities in Samba

2022-01-31 00:00:00

altlinux

Security fix for the ALT Linux 10 package samba version 4.14.12-alt1

2022-02-09 00:00:00

thn

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

2022-02-01 04:16:00

malwarebytes

Samba patches critical vulnerability that allows remote code execution as root

2022-02-01 15:22:52

amazon

Critical: samba

2022-02-03 19:29:00

Critical: samba

2022-02-10 21:59:00

debian

[SECURITY] [DSA 5071-1] samba security update

2022-02-11 15:11:29

fedora

[SECURITY] Fedora 34 Update: samba-4.14.12-0.fc34

2022-02-03 01:12:33

[SECURITY] Fedora 35 Update: samba-4.15.5-0.fc35

2022-02-02 01:26:36

redos

ROS-20220208-01

2022-02-08 00:00:00

cisa

Samba Releases Security Updates

2022-02-01 00:00:00

freebsd

samba -- Multiple Vulnerabilities

2022-01-31 00:00:00

mageia

Updated samba packages fix security vulnerability

2022-02-09 23:46:00

gentoo

Samba: Multiple Vulnerabilities

2023-09-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.18 Low

EPSS

Percentile

96.2%

JSON

Related for ZDI-22-244