Update as of February 8, 2022: To help identify vulnerable endpoints and/or servers, you may use our recently published assessment tool to scan for the Samba vulnerability.

An earlier version of an out-of-bounds (OOB) vulnerability in Samba was disclosed via Trend Micro Zero Day Initiative’s (ZDI) Pwn2Own Austin 2021. ZDI looked further into the security gap and found more variants of the vulnerability after the event and subsequently disclosed the findings to the company. While we have not seen any active attacks exploiting this vulnerability, CVE-2021-44142 received a CVSS rating of 9.9 out of the three variants reported. If abused, this security gap can be used by remote attackers to execute arbitrary code as root on all affected installations that use the virtual file system (VFS) module vfs_fruit. Samba has released all the relevant patches to mitigate the impact of the threats that can abuse this gap. Trend Micro customers are protected and can follow manual workarounds to address this issue.

What is Samba?

Samba is a standard interoperability software suite integrated in Windows, a reimplementation of the server message block (SMB) networking protocol for file and print services. It runs on most Unix and Unix-like systems such as Linux and macOS systems, amongst other versions and operating systems (OS) that use the SMB/Common Internet File System (CIFS) protocol.
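
A configuration check for the exposure condition named above, installations that load the vfs_fruit module, as an added example that is not from the original article or the assessment tool it mentions. The function name and the sample smb.conf are constructed for illustration; `include` directives and registry-based configuration are not followed.

```python
import re

# Constructed sample smb.conf for illustration (not taken from a real system).
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   vfs objects = catia fruit streams_xattr

[timemachine]
   path = /srv/tm
   ; no local setting, so the [global] module list applies

[public]
   path = /srv/public
   VFS Objects = acl_xattr

[media]
   path = /srv/media
   vfs objects = catia \\
                 fruit streams_xattr
"""

def _norm(name):
    # smb.conf ignores case and whitespace in parameter names.
    return re.sub(r"\s+", "", name).lower()

def sections_loading_fruit(conf_text):
    """Return section names, in file order, whose effective module list has fruit."""
    text = re.sub(r"\\\r?\n", " ", conf_text)  # join backslash-continued lines
    section, seen, explicit = "global", ["global"], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            if section not in seen:
                seen.append(section)
            continue
        key, sep, value = line.partition("=")
        # "vfs object" is a documented synonym of "vfs objects".
        if sep and _norm(key) in ("vfsobjects", "vfsobject"):
            explicit[section] = [m.lower() for m in re.split(r"[\s,]+", value.strip()) if m]
    default = explicit.get("global", [])
    # A share-level setting replaces the [global] list; otherwise it is inherited.
    return [s for s in seen if "fruit" in explicit.get(s, default)]

if __name__ == "__main__":
    print(sections_loading_fruit(SAMPLE_CONF))
```

Sections returned by the check are the ones to patch first or to apply the vendor's workaround to; an empty list means no section in that file loads the module.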