On January 31st, Samba, the popular free and open-source software project, released security patches to address three vulnerabilities affecting all versions of Samba running the default configuration of a VFS module called “vfs_fruit” (used for macOS interoperability).
The most severe, CVE-2021-44142, carries a CVSS score of 9.9 and is an out-of-bounds heap read/write vulnerability that could allow remote attackers to execute arbitrary code with root privileges on all affected installations.
It would be remiss of us not to mention that the Samba vulnerability was discovered by yours truly, during our Pwn2Own Austin 2021 hackathon event. As Jon Clay (vice president of threat intelligence at Trend Micro) stated:
“The good news is this was found during our Pwn2Own event, which means we had an opportunity to work with the developers to responsibly patch and disclose the vulnerabilities.”
What Is Samba & Why Does It Matter?
Samba is a free software re-implementation of the SMB (server message block) networking protocol that provides file and print services. It is used on Unix and Unix-like systems, and operating systems that use the SMB/Common Internet File System (CIFS) protocol — of which there are many.
This allows network administrators to configure, integrate, and set up equipment either as a domain controller (DC) or domain member, and to communicate with Windows-based clients.
Who and What Is Likely Affected?
The vulnerability affects all versions of Samba prior to 4.13.17, with security patches being released for Samba 4.13.17, 4.14.12, and 4.15.5. Administrators are advised to upgrade and apply the patch immediately. In addition, Network-attached storage (NAS) devices are also likely affected by this vulnerability, and vendors are expected to release updates for their respective devices.
Since a large number of vendors use Samba as part of their product, potential sectors affected include manufacturing, communications, energy, government, and science and technology, as well as consumer devices such as appliances and internet of things (IoT) devices.
How to Protect Yourself from the Samba Vulnerability
The bug can affect the security of your home network and NAS devices. Personal information such as email addresses, credit card information, and more, can be disclosed in data breaches resulting from this vulnerability. Here are some recommendations that can help protect your devices and applications from this vulnerability.
1. Update your applications (patched to the latest version)
Users of affected Samba versions prior to 4.13.17 should check their distributor’s updated packages and apply the latest patch available. Network-attached storage (NAS) device users should contact the device manufacturer about the availability of a patch and enable automatic updates (if applicable).
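The version and configuration checks below are an added example written for this article; they are not Trend Micro's or the Samba project's own code. The fixed release numbers (4.13.17, 4.14.12, 4.15.5) come from the article; the assumption that branches newer than 4.15 already contain the fix, the constructed sample smb.conf, and the hypothetical share names in it are mine. The configuration check models only the "vfs objects" parameter (including inheritance of the [global] value by shares that do not set their own), not full smb.conf semantics such as include directives or variable substitution.

```python
"""Local, read-only exposure check for CVE-2021-44142 (Samba vfs_fruit heap OOB).

Check 1: is the installed smbd older than the first fixed release on its branch?
Check 2: which shares in smb.conf actually load the "fruit" VFS module?
"""
import os
import re
import shutil
import subprocess

# minor branch -> first micro release that carries the fix (from the advisory)
FIXED = {13: 17, 14: 12, 15: 5}

# Constructed sample configuration (not from any real deployment).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   vfs objects = catia fruit streams_xattr
   fruit:metadata = netatalk

[timemachine]
   path = /srv/tm
   ; no 'vfs objects' here, so the [global] list (with fruit) is inherited

[plain]
   path = /srv/plain
   vfs objects = recycle
"""


def parse_version(text):
    """Extract (major, minor, micro) from strings like 'Version 4.13.14-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(version):
    """True when the upstream release number predates the fix on its branch.

    Caveat: distributions often backport fixes without changing the version
    string, so a 'vulnerable' answer here means 'check your vendor advisory',
    not 'definitely exploitable'.
    """
    major, minor, micro = version
    if major < 4:
        return True
    if major > 4:
        return False  # assumption: later major releases include the fix
    if minor < 13:
        return True  # every release before 4.13.17 is affected
    if minor in FIXED:
        return micro < FIXED[minor]
    return False  # assumption: 4.16 and later were cut after the fix


def shares_loading_fruit(smb_conf_text):
    """Return share names whose effective 'vfs objects' list contains 'fruit'.

    Samba treats a share-level parameter set in [global] as the default for
    every share that does not override it. Parameter names are matched
    case-insensitively with whitespace ignored, as smbd does.
    """
    per_section, order, section = {}, [], None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r"\[(.+)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            order.append(section)
            per_section.setdefault(section, None)
            continue
        if section is not None and "=" in line:
            key, _, value = line.partition("=")
            key = key.strip().lower().replace(" ", "")
            if key in ("vfsobjects", "vfsobject"):
                per_section[section] = value.split()
    global_vfs = per_section.get("global") or []
    exposed = []
    for name in order:
        if name == "global":
            continue
        vfs = per_section[name] if per_section[name] is not None else global_vfs
        if "fruit" in vfs:
            exposed.append(name)
    return exposed


def local_samba_version():
    """Ask the installed smbd for its version; None if smbd is not installed."""
    exe = shutil.which("smbd")
    if exe is None:
        return None
    out = subprocess.run([exe, "--version"], capture_output=True, text=True)
    return parse_version(out.stdout)


if __name__ == "__main__":
    ver = local_samba_version()
    if ver is None:
        print("smbd not found on this host; skipping version check")
    else:
        verdict = "pre-fix release number, check vendor advisory" if is_vulnerable_version(ver) else "fixed release"
        print(f"smbd {'.'.join(map(str, ver))}: {verdict}")
    conf_path = "/etc/samba/smb.conf"
    if os.path.exists(conf_path):
        with open(conf_path, encoding="utf-8", errors="replace") as fh:
            print("shares loading vfs_fruit:", shares_loading_fruit(fh.read()))
    else:
        print("shares loading vfs_fruit (sample config):", shares_loading_fruit(SAMPLE_SMB_CONF))
```

On the sample configuration the result is `['timemachine']`: the share never names the module itself but inherits it from [global], which is exactly the case an eyeball search for "fruit" under each share would miss. A share that shows up here and cannot be patched yet can have "fruit" removed from its "vfs objects" line, the workaround Samba's own advisory gives, at the cost of macOS interoperability for that share.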
2. Scan devices on your home network
Trend Micro’s HouseCall for Home Networks is a very good, free scan-and-fix product. It guards against and cleans up cyber threats, including viruses, worms, Trojans, and spyware. A home network scanner will go some way towards protecting you from security flaws of this type.
3. Install a trusted antivirus program
Trend Micro Maximum Security can detect exploit attempts against this vulnerability. Trend Micro Web Reputation Services (WRS) has blocked malicious reporting and communication vectors associated with the observed exploits.
As ever, we hope this article has been of use and/or interest to you. If so, please do SHARE it with family and friends to help keep the online community secure and protected.