Overview
The Samba vfs_fruit module allows out-of-bounds heap read and write via extended file attributes (CVE-2021-44142). This vulnerability allows a remote attacker to execute arbitrary code with root privileges.
Description
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba with vfs_fruit configured allows out-of-bounds heap read and write via specially crafted extended file attributes.
For more information, see the Samba announcement for CVE-2021-44142 and bug 14914. Also available for reference is a detailed blog post from ZDI.
Impact
A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
From the Samba annoucement for CVE-2021-44142:
Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.
Solution
Apply an update
Samba has released versions 4.13.17, 4.14.12, and 4.15.5.
Disable vfs_fruit
As a workaround, remove 'fruit' from 'vfs objects' lines in Samba configuration files (e.g., smb.conf).
Acknowledgements
Thanks to Orange Tsai of DEVCORE for researching and reporting this vulnerability. Thanks also to Samba, ZDI, and Western Digital for coordination efforts.
This document was written by James Stanley and Art Manion.
Vendor Information
OpenWRT Affected
Statement Date: March 25, 2022
| CVE-2021-44142 | Affected |
Vendor Statement
Fixed in OpenWrt master and 22.03 by upgrade to 4.14.12: https://github.com/openwrt/packages/commit/1fa70d6a3c68bc49bdeae4d505f2e41ff3a0b906
Prepared fix for OpenWrt 21.02 by upgrade to 4.14.12: https://github.com/openwrt/packages/pull/18145
Will not fix this for OpenWrt 19.07, it still uses Samba 4.11.17
Red Hat Affected
Statement Date: January 31, 2022
| CVE-2021-44142 | Affected |
Vendor Statement
Red Hat has released updated addressing this vulnerability. These can be found on our CVE page.
References
Samba Affected
Statement Date: January 31, 2022
| CVE-2021-44142 | Affected |
Vendor Statement
We have not received a statement from the vendor.
References
SUSE Linux Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Affected |
Vendor Statement
SUSE is affected by this vulnerability and has released or will release updates.
Synology Affected
Statement Date: February 03, 2022
| CVE-2021-44142 | Affected |
Vendor Statement
We have not received a statement from the vendor.
References
Ubuntu Affected
Statement Date: January 25, 2022
| CVE-2021-44142 | Affected |
Vendor Statement
We have not received a statement from the vendor.
Advantech Czech Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Android Open Source Project Not Affected
Statement Date: February 09, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Aruba Networks Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
AVM GmbH Not Affected
Statement Date: February 10, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Belden Not Affected
Statement Date: March 14, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Check Point Not Affected
Statement Date: January 25, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
vfs_fruit module is not in use.
Dell SecureWorks Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Devicescape Not Affected
Statement Date: January 28, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Digi International Not Affected
Statement Date: June 27, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
After further due diligence, Digi International has determined that we are not affected by this vulnerability due to Samba not being used in our products or services.
eCosCentric Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
No Samba code in our products
Espressif Systems Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
Espressif does not include Samba in the products or SDKs.
F5 Networks Not Affected
Statement Date: February 04, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
Some F5 products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.
References
Fastly Not Affected
Statement Date: February 01, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
HardenedBSD Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
HardenedBSD does not ship with Samba in the base operating system.
Illumos Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
Samba is not part of illumos proper, but is something distributions add in their own releases.
Internet Initiative Japan Inc. Not Affected
Statement Date: January 25, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Joyent Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
Triton, our cloud management system, is not affected at all.
SmartOS offers SAMBA via pkgsrc, but it is not part of a base SmartOS system. pkgsrc will update SAMBA when SAMBA updates for this case.
Juniper Networks Not Affected
Statement Date: March 01, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
Based on our investigation we confirm that there are no platforms/products which are affected from this vulnerability.
Security Incident Response Team Juniper Networks
LANCOM Systems GmbH Not Affected
Statement Date: February 23, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
lwIP Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Microsoft Not Affected
Statement Date: February 03, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
MikroTik Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
MikroTik does not use "vfs_fruit module" and therefore is not affected by this CVE.
Miredo Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Muonics Inc. Not Affected
Statement Date: January 25, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
Muonics does not use Samba in any of its products and thus this vulnerability is not applicable.
netsnmp Not Affected
Statement Date: January 26, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Sierra Wireless Not Affected
Statement Date: February 12, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Treck Not Affected
Statement Date: January 24, 2022
| CVE-2021-44142 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
A10 Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ACCESS Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Actelis Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Actiontec Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ADATA Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ADTRAN Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Advantech B-B Technology Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Advantech Taiwan Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Aerohive Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
AhnLab Inc Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
AirWatch Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Akamai Technologies Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Alcatel-Lucent Enterprise Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Allied Telesis Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Alpine Linux Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Altran Intelligent Systems Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Amazon Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ANTlabs Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Apple Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Arcadyan Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Arch Linux Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Arista Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ARRIS Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ASUSTeK Computer Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Atheros Communications Inc Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
AT&T Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Avaya Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Barracuda Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Belkin Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Bell Canada Enterprises Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
BlackBerry Unknown
Statement Date: January 24, 2022
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Blackberry QNX Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
BlueCat Networks Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Blue Coat Systems Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Blunk Microsystems Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
BoringSSL Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Broadcom Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Brocade Communication Systems Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Buffalo Technology Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cambium Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
CA Technologies Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ceragon Networks Inc Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cirpack Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cisco Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Citrix Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
CMX Systems Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Comcast Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Commscope Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Contiki OS Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cradlepoint Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cricket Wireless Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cypress Semiconductor Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
CZ.NIC Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
dd-wrt Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Debian GNU/Linux Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Dell Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Dell EMC Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
DesktopBSD Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Deutsche Telekom Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
D-Link Systems Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
dnsmasq Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
DragonFly BSD Project Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
eero Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
EfficientIP Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ENEA Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ericsson Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
European Registry for Internet Domains Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Express Logic Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Extreme Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Fedora Project Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
FNet Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Force10 Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Fortinet Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
FreeBSD Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
FreeRTOS Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
F-Secure Corporation Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Gentoo Linux Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
GFI Software Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
GNU adns Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
GNU glibc Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Google Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Grandstream Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Green Hills Software Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
HCC Embedded Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Hewlett Packard Enterprise Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Hitachi Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Honeywell Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
HP Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
HTC Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Huawei Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
IBM Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
IBM Corporation (zseries) Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
IBM Numa-Q Division (Formerly Sequent) Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ICASI Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Infoblox Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
InfoExpress Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Intel Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Internet Systems Consortium Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Internet Systems Consortium - DHCP Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
IP Infusion Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
JH Software Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
JPCERT/CC Vulnerability Handling Team Unknown
Statement Date: January 24, 2022
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
kubernetes Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lancope Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lantronix Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lenovo Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
LG Electronics Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
LibreSSL Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Linksys Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
LITE-ON Technology Corporation Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
LiteSpeed Technologies Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lynx Software Technologies Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
m0n0wall Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Marconi Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Marvell Semiconductor Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
McAfee Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
MediaTek Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Medtronic Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Men & Mice Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Metaswitch Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Microchip Technology Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Micro Focus Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Mitel Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Motorola Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
National Cyber Security Center Netherlands Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
National Cyber Security Centre Finland Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NCSC-FI Vulnerability Coordinator Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NEC Corporation Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NetBSD Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NetBurner Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NetComm Wireless Limited Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NETGEAR Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NETSCOUT Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
netsnmpj Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Nexenta Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NIKSUN Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Nixu Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NLnet Labs Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Nokia Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OleumTech Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenBSD Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenConnect Ltd Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenDNS Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenIndiana Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenSSL Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Openwall GNU/*/Linux Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Oracle Corporation Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Oryx Embedded Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Paessler Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Palo Alto Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Peplink Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
pfSense Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Philips Electronics Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Phoenix Contact Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
PHPIDS Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
PowerDNS Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Proxim Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Pulse Secure Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
QLogic Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
QNAP Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Quadros Systems Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Quagga Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Qualcomm Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Quantenna Communications Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Riverbed Technologies Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Roku Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ruckus Wireless Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ruijie Networks Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Samsung Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Samsung Mobile Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Samsung Semiconductor Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Schneider Electric Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Secure64 Software Corporation Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
SEIKO EPSON Corp. / Epson America Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Slackware Linux Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
SMC Networks Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
SmoothWall Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Snort Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
SonicWall Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sonos Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sony Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sophos Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sourcefire Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Symantec Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
systemd Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TCPWave Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TDS Telecom Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Tenable Network Security Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
The OpenBSD project Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TippingPoint Technologies Inc. Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Tizen Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TP-LINK Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TrueOS Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Turbolinux Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ubiquiti Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Unisys Corporation Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Univention Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Untangle Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Vantiva Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Viasat Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
VMware Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Western Digital Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Wind River Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
WizNET Technology Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
wolfSSL Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Xiaomi Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
XigmaNAS Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Xilinx Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Zebra Technologies Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Zephyr Project Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ZTE Corporation Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Zyxel Unknown
| CVE-2021-44142 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
References
- https://www.samba.org/samba/security/CVE-2021-44142.html
- https://bugzilla.samba.org/show_bug.cgi?id=14914
- https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
- https://www.samba.org/samba/history/security.html
- https://www.samba.org/samba/docs/current/man-html/vfs_fruit.8.html
Other Information
| CVE IDs: | CVE-2021-44142 |
| API URL: | VINCE JSON | CSAF |
| Date Public: | 2022-01-31 |
| Date First Published: | 2022-01-31 |
| Date Last Updated: | 2025-02-03 21:10 UTC |
| Document Revision: | 20 |