Samba Remote Code Execution Vulnerability

Samba Remote Code Execution Vulnerability (CVE-2021-44142)

February 14, 2022

Overview Recently, NSFOCUS CERT detected a Samba remote code execution vulnerability (CVE-2021-44142) disclosed online. Because the default configuration of Samba’s vfs_fruit module allows out-of-bounds heap read and write through extended file attributes. When smbd parses EA metadata, a remote attacker (guest account or unauthorized user) with write access to the file’s extended attributes can execute […]

Search

Subscribe to the NSFOCUS Blog