Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2021-44142 First vendor Publication 2022-02-21
Vendor Cve Last vendor Modification 2022-02-23

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 8.8
Base Score 8.8 Environmental Score 8.8
impact SubScore 5.9 Temporal Score 8.8
Exploitabality Sub Score 2.8
 
Attack Vector Network Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
50 % CWE-125 Out-of-bounds Read

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Application 1
Application 371
Application 13
Os 5
Os 2
Os 2
Os 2
Os 1
Os 2
Os 2
Os 2
Os 1
Os 2
Os 2
Os 1
Os 1
Os 2
Os 2
Os 2
Os 3
Os 1
Os 3

Sources (Detail)

Source Url
CERT-VN https://kb.cert.org/vuls/id/119678
CONFIRM https://bugzilla.samba.org/show_bug.cgi?id=14914
https://www.samba.org/samba/security/CVE-2021-44142.html
MISC https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-s...

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2022-10-11 13:10:23
  • Multiple Updates
2022-10-11 01:23:41
  • Multiple Updates
2022-02-23 21:22:56
  • Multiple Updates
2022-02-22 13:22:54
  • Multiple Updates
2022-02-21 21:22:52
  • First insertion