This serious vulnerability puts thousands of computers on the network at risk

A new flaw puts thousands of network-connected devices at risk. It is a vulnerability affecting Samba, a popular free implementation of the SMB protocol that is present on thousands of computers and provides access to files, printers and other shared resources on the network. The flaw allows an attacker to act as an administrator and execute arbitrary code.

A bug in Samba puts thousands of computers at risk

The main flaw has been registered as CVE-2021-44142, although several issues were detected. It affects all versions prior to Samba 4.13.17 and is an out-of-bounds read/write vulnerability in the VFS module ‘vfs_fruit’, which is used to support Apple’s SMB clients.

Any installation that uses this module is susceptible to this type of attack. An attacker could obtain administrator-level permissions and execute code remotely.

This bug has received a severity rating of 9.9 out of 10 on the CVSS scale. It also affects widely used Linux distributions such as Red Hat, SUSE Linux and Ubuntu.

However, as noted, it is not the only vulnerability detected. Although it is the most serious, a couple more have been found. One of them has been registered as CVE-2021-44141 and has received a CVSS score of 4.2. It is an information leak: symbolic links can reveal the existence of files or directories outside the exported share.

Another vulnerability has been registered as CVE-2022-0336 and has received a score of 3.1 on the CVSS scale. In this case, Samba AD users who have permission to write to an account could impersonate arbitrary services.

How to avoid this problem

In these cases the solution is usually very simple: update. That is the way to correct these vulnerabilities affecting Samba and the devices that use this protocol to access files or printers on the network. It is essential to install the available patches to correct each of the flaws described above.

Specifically, version 4.13.17 fixes the main problem. However, the second of the vulnerabilities described above is only fixed as of version 4.15.5. Therefore, if you have the latest version available, you will prevent any of these known bugs from compromising your security.
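
To triage a host against the condition described above (the ‘vfs_fruit’ module in use on a Samba release older than 4.13.17), the following added example, which is not from the original article or the Samba project, parses an smb.conf and a version string. The sample configuration, the version strings and the function names are constructed for illustration.

```python
import re

FIXED = (4, 13, 17)  # fixed release the article names for CVE-2021-44142

SAMPLE_CONF = """\
# constructed sample, not a real host's configuration
[global]
   vfs objects = catia fruit streams_xattr
[timemachine]
   path = /srv/tm
[scans]
   path = /srv/scans
   VFS Objects = recycle
"""

def shares_loading_fruit(conf_text):
    """Return section names whose effective 'vfs objects' list includes fruit."""
    sections, current = {}, None
    text = re.sub(r"\\\r?\n", " ", conf_text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # smb.conf comment markers
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, None)  # None = inherits from [global]
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names
            if re.sub(r"\s+", "", key).lower() == "vfsobjects":
                sections[current] = value.replace(",", " ").lower().split()
    inherited = sections.get("global") or []
    hits = []
    for name, mods in sections.items():
        effective = inherited if mods is None else mods  # share setting overrides
        if any(m.split(":")[0] == "fruit" for m in effective):
            hits.append(name)
    return hits

def version_is_older(version_output, fixed=FIXED):
    """Compare a version string such as 'Version 4.13.14' with the fixed release.
    Distribution packages may backport the fix, so treat this as a triage hint."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("no x.y.z version found")
    return tuple(map(int, m.groups())) < fixed

def needs_attention(conf_text, version_output):
    """True when fruit is loaded anywhere and the version predates the fix."""
    return bool(shares_loading_fruit(conf_text)) and version_is_older(version_output)
```

The parser does not follow `include` directives; passing it the output of `testparm -s` instead of the raw file gives it the configuration Samba actually resolves.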

At RedesZone we always recommend having the latest versions and any available patches installed. It does not matter whether it is the operating system, a driver or any application you have installed. It is essential to keep everything updated and thus correct problems. You can also see the differences between Samba, SMB and CIFS.

Be especially careful with devices or services that connect to the network. The case of Samba and these three vulnerabilities is very significant: it can put many of the computers that use it at risk, which requires taking action as soon as possible to solve the problem.