Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

CVE-2021-44142 Announced as Critical Samba Vulnerability

CVE-2021-44142, announced after responsible disclosure practices were followed and a full patch made available, was reported by the Samba team as a CVSS 9.9 vulnerability. All versions of Samba prior to 4.13.17, 4.4.12, and 4.4.15 (which are the newest security releases) are affected. Samba is a Linux SMB/CIFS file sharing service that establishes compatibility with Microsoft and Apple SMB implementations. The vulnerability allows for arbitrary remote code execution (RCE) on Samba installations that are deployed with the default configurations for the VFS_fruit module, which establishes compatibility with Apple SMB clients. Workarounds exist by changing the default configuration of fruit_metadata=netatalk or fruit_resource=file

in the /etc/samba/smb.conf file, or by deleting the VFS_fruit module.