A critical Samba vulnerability has been identified. If successfully exploited by threat actors, this could trigger remote code execution with root privileges on servers. Samba is an open-source implementation of SMB/CIFS that allows you to share files, printers, and other resources between Linux-based hosts and Windows-based hosts.
More Details on the Samba Vulnerability
The Samba vulnerability under discussion has been assigned CVE-2021-44142 and represents a flaw located in the VFS module which is named “vfs_fruit.” The flaw has been given a rating of 9.9 out of 10 on the CVSS scale.
The company released on Monday an advisory saying that
The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. (…) The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue.
As mentioned before, hackers could exploit it to deploy remote code execution as root users. What does that mean? It means that, if they get this type of privileged access, threat actors can perform actions like reading, changing, and deleting any file on the system, installing different types of malware like for instance samba vulnerability trigger complete access
