Tuesday, 04 October 2022

Just When You Thought It Was Safe to Samba Again, New Vulnerability Allows Remote Code Execution


Samba has released several updates that patch critical flaws in its popular Server Message Block (SMB) freeware implementation. SMB is a protocol that allows for simple sharing of network resources and has had its share of critical vulnerabilities in the past. The sharing of network resources is a common target for attackers, as it can be a quick and easy way to compromise a system. One of the vulnerabilities affects all versions of Samba before 4.13.17 (CVE-2021-44142).

The flaw is an out-of-bounds heap read/write vulnerability in a VFS module. An out-of-bounds write occurs when information is written to memory before or after the intended area (the buffer). The information that is written is not part of a normal sequential write or read pattern, due to excessive data. In other words, someone intentionally forces a write outside of the intended memory space that is not part of normal operation. When this happens, it can allow the execution of arbitrary code, making this type of flaw very serious. In the case of the Samba vulnerability, it allows the code to execute as root and is remotely exploitable.
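To make the out-of-bounds description concrete, here is an added example (not Samba's code and not taken from the advisory) that shows an unchecked copy next to its bounds-checked form. The two-byte record layout, the function names and the sample blobs are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define DST_SIZE 32u /* fixed-size heap buffer the payload is copied into */

/* Constructed record (hypothetical, not Samba's format): byte 0 = payload
 * offset, byte 1 = payload length. Both come from the untrusted peer. */
/* Unchecked: a large length writes past dst (out-of-bounds heap write),
 * a large offset reads past blob (out-of-bounds heap read). Never called. */
void copy_entry_unchecked(uint8_t *dst, const uint8_t *blob)
{
    memcpy(dst, blob + blob[0], blob[1]);
}

/* Checked: validate every untrusted field against both buffers before any
 * byte moves. Returns the number of bytes copied, or -1 if rejected. */
int copy_entry_checked(uint8_t *dst, size_t dst_size,
                       const uint8_t *blob, size_t blob_size)
{
    if (blob_size < 2)
        return -1;                 /* header itself is truncated */
    size_t off = blob[0], len = blob[1];
    if (off < 2 || off > blob_size)
        return -1;                 /* payload starts outside the blob */
    if (len > blob_size - off)
        return -1;                 /* read would run past the blob */
    if (len > dst_size)
        return -1;                 /* write would run past dst */
    memcpy(dst, blob + off, len);
    return (int)len;
}

/* Allocate the destination on the heap and run one blob through the check. */
int try_blob(const uint8_t *blob, size_t blob_size)
{
    uint8_t *dst = calloc(1, DST_SIZE);
    if (dst == NULL) return -2;
    int rc = copy_entry_checked(dst, DST_SIZE, blob, blob_size);
    free(dst);
    return rc;
}

int main(void)
{
    const uint8_t ok[] = {2, 4, 'a', 'b', 'c', 'd'}; /* constructed, honest */
    const uint8_t bad[] = {2, 200, 'a'};             /* constructed, length lies */
    return (try_blob(ok, sizeof ok) == 4 && try_blob(bad, sizeof bad) == -1) ? 0 : 1;
}
```

The length is compared against `blob_size - off` rather than testing `off + len`, so the check itself cannot wrap around.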

Samba is used across multiple platforms including macOS, Linux, and Windows. The CVSS score out of the gate is a 9.9, making this one a “patch now” type of vulnerability. This is one of several patch-now vulnerabilities that have come to light in 2022, and we are only just beginning the 2nd month. After having a record year for vulnerability releases in 2021, it looks like 2022 is already shaping up to be another banner year.

This and other patch-now vulnerabilities highlight the importance of a good vulnerability management program that includes an aggressive patching cycle. The traditional monthly patching routine with the occasional out-of-band patch just does not cut it anymore. Additionally, as more and more flaws are found in userland software and apps, the importance of covering all your endpoints in your scanning and patching efforts becomes more evident. From a security perspective, 2022 is going to be an interesting year.

Happy Patching
