all InfoSec news
VU#119678: Samba vfs_fruit module insecurely handles extended file attributes
Jan. 31, 2022, 4:46 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
The Samba vfs_fruit module allows out-of-bounds heap read and write via extended file attributes (CVE-2021-44142). This vulnerability allows a remote attacker to execute arbitrary code with root privileges.
Description
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba with vfs_fruit configured allows out-of-bounds heap read and write via specially crafted extended file attributes.
For more information, see the Samba announcement for …
More from kb.cert.org / CERT Recently Published Vulnerability Notes
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
1 month, 4 weeks ago |
kb.cert.org
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC