[MART] - Daily Diary #443 - Samba Released Security Patches To Fix Multiple Vulnerabilities

CTAS-MAT ctas-mat at appgate.com
Tue Feb 1 19:00:26 UTC 2022 

Hello,

I hope everyone is doing well!

Below is the entry for today.

02/01/2022 - Diary entry #443:

Samba is an important component to integrate Linux/Unix Servers and Desktops into Active Directory environments using the SMB/CIFS protocol. It can work either as a domain controller or as a domain member. Our team covered, in many Daily Diaries, SMB vulnerabilities like EternalBlue, SMBGhost, and SMBleed being exploited by threat actors in the wild.

Yesterday, Samba issued new security patches to fix three different CVEs. The first one, CVE-2021-44141, can lead to information leak via symlinks of existence of files or directories outside of the exported share. The second, CVE-2021-44142, allows remote attackers to execute arbitrary code as root on affected Samba installations that use a specific module. And finally, the last one, CVE-2022-0336, allows Samba AD users with permission to write to an account the ability to impersonate arbitrary services.

The most critical one, CVE-2021-44142, which can lead to RCE, can only be exploited if the VFS module (vsf_fruit) is enabled. The vfs_fruit module provides enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. We recommend anyone using SMB file shares to keep their systems up to date and to review files and directory permissions, disabling write accesses to files by unauthenticated users.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>
C: +55 11 97467 9549

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220201/cc6c28c7/attachment.htm>

More information about the MART mailing list