
A serious vulnerability in network protocol Samba exposes Linux servers to remote code execution (RCE) attacks. Samba is incorporated into Red Hat Linux, SUSE Linux and Ubuntu. Servers with outdated distros are at risk.

Network protocol Samba is used by various platforms for file sharing between Linux, Windows and macOS endpoints on the same network. Orange Tsai, the pseudonym of a security researcher at DEVCORE, found a vulnerability in the protocol (CVE-2021-44142). CVE gave the vulnerability a troubling score of 9.9.

Orange Tsai manipulated Samba to write data outside a buffer via a VFS module (vfs_fruit). The attack type is known as out-of-bounds read and write. Ultimately, the vulnerability allows an attacker to execute code on a server.

An attacker must be authorized to modify the files that Samba processes, also known as write access. “That could just as easily be a guest or unauthenticated user”, adds the developer of Samba.

Samba patches

Samba published multiple patches to fix the vulnerability in multiple software versions. Samba also published multiple software versions with integrated patches. The secure variants of versions 4.13.17, 4.14.12 and 4.15.5 are available here.
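
To triage a server against the two facts above (the flaw sits in the vfs_fruit module, and fixes landed in 4.13.17, 4.14.12 and 4.15.5), the following added example, which is not code from Samba or from this article, compares an upstream version string with the fixed release of its branch and lists the smb.conf sections that load fruit. The function names and the sample configuration are constructed for illustration, and the handling of branches outside 4.13 to 4.15 is an assumption stated in the code.

```python
import re

# Fixed releases named in the article, keyed by release branch.
PATCHED = {(4, 13): (4, 13, 17), (4, 14): (4, 14, 12), (4, 15): (4, 15, 5)}

# Constructed sample smb.conf, not taken from a real server.
SAMPLE_CONF = """\
[global]
   vfs objects = catia fruit streams_xattr
[timemachine]
   path = /srv/tm
[scans]
   path = /srv/scans
   VFS Objects = recycle
"""

def is_patched(version):
    """True if an upstream Samba version is at or above its branch's fix.

    Assumptions: branches older than 4.13 have no fixed release; branches
    newer than 4.15 already carry the fix. Distro packages may backport the
    patch without changing this number, so confirm with the vendor advisory.
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    if v[:2] in PATCHED:
        return v >= PATCHED[v[:2]]
    return v[:2] > (4, 15)

def sections_loading_fruit(conf_text):
    """Return smb.conf sections whose effective 'vfs objects' has fruit."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = None  # None: inherit from [global]
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # smb.conf parameter names ignore case and embedded spaces
            if key.replace(" ", "").lower() in ("vfsobjects", "vfsobject"):
                sections[current] = re.split(r"[\s,]+", value.strip())
    inherited = sections.get("global") or []
    return [name for name, mods in sections.items()
            if "fruit" in (inherited if mods is None else mods)]
```

A share that sets its own `vfs objects` replaces the `[global]` list rather than extending it, which is why `[scans]` in the sample is not reported.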

As mentioned earlier, Samba is incorporated into major Linux distros. The CERT Coordination Center maintains a list of all affected platforms. Red Hat and SUSE have published a patch for their distros. The CERT Coordination Center says that Ubuntu received a warning, but has yet to respond.