Описание
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
An out-of-bounds heap read write vulnerability was found in Samba. Due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module (vfs_fruit), a remote attacker with ability to write to file's extended attributes can trigger an out-of-bounds write and execute arbitrary code with root privileges.
Меры по смягчению последствий
As a workaround remove the "fruit" VFS module from the list of configured VFS objects in any "vfs objects" line in the Samba configuration smb.conf. Note that changing the VFS module settings fruit:metadata or fruit:resource to use the unaffected setting causes all stored information to be inaccessible and will make it appear to macOS clients as if the information is lost.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | samba | Not affected | ||
| Red Hat Enterprise Linux 6 | samba4 | Not affected | ||
| Red Hat Enterprise Linux 9 | samba | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected | ||
| Red Hat Enterprise Linux 7 | samba | Fixed | RHSA-2022:0328 | 31.01.2022 |
| Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | samba | Fixed | RHSA-2022:0663 | 23.02.2022 |
| Red Hat Enterprise Linux 7.6 Telco Extended Update Support | samba | Fixed | RHSA-2022:0663 | 23.02.2022 |
| Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions | samba | Fixed | RHSA-2022:0663 | 23.02.2022 |
| Red Hat Enterprise Linux 7.7 Advanced Update Support | samba | Fixed | RHSA-2022:0664 | 23.02.2022 |
| Red Hat Enterprise Linux 7.7 Telco Extended Update Support | samba | Fixed | RHSA-2022:0664 | 23.02.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.9 Critical
CVSS3
Связанные уязвимости
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
The Samba vfs_fruit module uses extended file attributes (EA, xattr) t ...
EPSS
9.9 Critical
CVSS3