Samba has fixed a vulnerability in all versions of its software prior to version 4.13.17. The vulnerability allows an attacker to remotely inject malicious code and execute it with root privileges.
“The specific bug is parsing EA metadata when opening files in smbd. Exploiting this vulnerability requires access as a user who has write access to a file’s extended attributes. “Note that if such users have write access to a file’s extended attributes, this could be a guest or an unauthenticated user.”
Discovered by Devcore’s Orange Tsai and identified as CVE-2021-44142, the vfs_fruit module that improves compatibility for OS X clients is vulnerable in its default configuration, according to Samba. If the fruit:metadata=netatalk or fruit:resource=file options are set to any other value, the vulnerability will not work but a warning will be issued.
“Changing the VFS module settings fruit:metadata or fruit:resource to the unaffected setting results in all stored information being inaccessible and it appears to macOS clients as if the information is lost,” Samba said.
As a workaround, Samba recommends removing fruit from the configuration. The vulnerability was rated 9.9 out of 10 on the CVSSv3.1 scale.