This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fruit_pwrite function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.

References

www.samba.org/samba/security/CVE-2021-44142.html

ubuntucve 1

nessus 54

prion 1

ubuntu 3

cert 1

zdi 2

samba 1

redhatcve 1

redhat 9

cve 1

oraclelinux 2

ibm 6

openvas 41

nvd 1

suse 3

osv 7

cvelist 1

paloalto 1

rocky 2

cbl_mariner 1

threatpost 1

f5 1

debiancve 1

trendmicroblog 1

githubexploit 3

alpinelinux 1

veracode 1

cloudfoundry 1

almalinux 1

centos 1

kaspersky 1

altlinux 1

thn 1

malwarebytes 1

amazon 2

debian 1

fedora 2

redos 1

cisa 1

freebsd 1

mageia 1

gentoo 1

ubuntucve

CVE-2021-44142

2022-01-31 00:00:00

nessus

SUSE SLES15 Security Update : samba (SUSE-SU-2022:0251-1)

2022-03-25 00:00:00

Ubuntu 18.04 LTS : Samba vulnerability (USN-5260-2)

2022-02-01 00:00:00

RHEL 7 : samba (RHSA-2022:0328)

2022-02-01 00:00:00

prion

Heap overflow

2022-02-21 15:15:00

ubuntu

Samba vulnerability

2022-02-03 00:00:00

Samba vulnerability

2022-02-01 00:00:00

Samba vulnerabilities

2022-02-01 00:00:00

cert

Samba vfs_fruit module insecurely handles extended file attributes

2022-01-31 00:00:00

zdi

(Pwn2Own) Samba fruit_pread Out-Of-Bounds Read Information Disclosure Vulnerability

2022-02-01 00:00:00

Samba AppleDouble Entry Heap-based Buffer Overflow Remote Code Execution Vulnerability

2022-02-01 00:00:00

samba

Out-of-bounds heap read/write vulnerability

2022-01-31 00:00:00

redhatcve

CVE-2021-44142

2022-01-31 15:06:30

redhat

(RHSA-2022:0330) Critical: samba security update

2022-01-31 15:40:27

(RHSA-2022:0663) Critical: samba security update

2022-02-23 18:47:36

(RHSA-2022:0458) Critical: samba security update

2022-02-07 17:28:27

cve

CVE-2021-44142

2022-02-21 15:15:07

oraclelinux

samba security and bug fix update

2022-02-01 00:00:00

samba security and bug fix update

2022-02-01 00:00:00

ibm

Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-16 17:09:07

Security Bulletin: IBM Cloud Pak for Data System 2.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-25 05:40:33

Security Bulletin: Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System [CVE-2021-44142]

2023-03-31 14:46:30

openvas

SUSE: Security Advisory (SUSE-SU-2022:0284-1)

2022-02-03 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0252-1)

2022-02-03 00:00:00

openSUSE: Security Advisory for samba (openSUSE-SU-2022:0287-1)

2022-02-08 00:00:00

nvd

CVE-2021-44142

2022-02-21 15:15:07

suse

Security update for samba (critical)

2022-02-01 00:00:00

Security update for samba (critical)

2022-02-01 00:00:00

Security update for samba (important)

2022-02-01 00:00:00

osv

samba - security update

2022-02-11 00:00:00

samba vulnerability

2022-02-01 11:56:09

CVE-2021-44142

2022-02-21 15:15:07

cvelist

CVE-2021-44142

2022-02-21 00:00:00

paloalto

Informational: Impact of the Samba Vulnerability CVE-2021-44142 on PAN-OS

2022-03-09 17:00:00

rocky

samba security and bug fix update

2022-02-01 03:32:27

samba security and bug fix update

2022-01-31 15:40:41

cbl_mariner

CVE-2021-44142 affecting package samba 4.12.5-6

2024-07-05 21:08:40

threatpost

Samba 'Fruit' Bug Allows RCE, Full Root User Access

2022-02-01 20:02:02

K84695749 : Samba vulnerability CVE-2021-44142

2022-02-02 00:00:00

debiancve

CVE-2021-44142

2022-02-21 15:15:07

trendmicroblog

The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It

2022-02-02 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Samba

2022-03-29 17:32:25

Exploit for Out-of-bounds Read in Samba

2022-04-22 04:46:54

Exploit for Out-of-bounds Write in Samba

2022-03-29 19:03:38

alpinelinux

CVE-2021-44142

2022-02-21 15:15:07

veracode

Remote Code Execution (RCE)

2022-02-03 11:21:59

cloudfoundry

USN-5260-2: Samba vulnerability | Cloud Foundry

2022-03-10 00:00:00

almalinux

Critical: samba security and bug fix update

2022-01-31 15:40:41

centos

ctdb, libsmbclient, libwbclient, samba security update

2022-02-01 18:03:11

kaspersky

KLA12439 Multiple vulnerabilities in Samba

2022-01-31 00:00:00

altlinux

Security fix for the ALT Linux 10 package samba version 4.14.12-alt1

2022-02-09 00:00:00

thn

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

2022-02-01 04:16:00

malwarebytes

Samba patches critical vulnerability that allows remote code execution as root

2022-02-01 15:22:52

amazon

Critical: samba

2022-02-03 19:29:00

Critical: samba

2022-02-10 21:59:00

debian

[SECURITY] [DSA 5071-1] samba security update

2022-02-11 15:11:29

fedora

[SECURITY] Fedora 34 Update: samba-4.14.12-0.fc34

2022-02-03 01:12:33

[SECURITY] Fedora 35 Update: samba-4.15.5-0.fc35

2022-02-02 01:26:36

redos

ROS-20220208-01

2022-02-08 00:00:00

cisa

Samba Releases Security Updates

2022-02-01 00:00:00

freebsd

samba -- Multiple Vulnerabilities

2022-01-31 00:00:00

mageia

Updated samba packages fix security vulnerability

2022-02-09 23:46:00

gentoo

Samba: Multiple Vulnerabilities

2023-09-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.18 Low

EPSS

Percentile

96.2%

JSON

Related for ZDI-22-246