Remote code execution vulnerability in Samba due to macOS interop module
An vulnerability in Samba 4 allowed remote code to run as root due to a bug in its support for Mac clients.
The vuln is being tracked as CVE-2021-44142 and received a CVSS rating of 9.9.
Samba is a FOSS implementation of Microsoft's Server Message Block (SMB) network protocol. SMB is how Windows (and DOS and OS/2) share drives. Microsoft used to call it the "Common Internet File System" instead, or CIFS [PDF] for short, but the name exceeded the company's ambition – in Unix land, SMB has never really displaced Sun's Network File System (NFS).
But macOS isn't like the other
kids Unixes. It's specifically designed to play nice in a world where Windows dominates, and unlike Apple's pre-NeXT MacOS (or "classic" as it was dubbed before OS X 10.5 killed it off), macOS (note the very important missing capital) speaks SMB natively.
- DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off
- Infosec chap: I found a way to hijack your web accounts, turn on your webcam from Safari – and Apple gave me $100k
- Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user
- Sophos: Log4Shell would have been a catastrophe without the Y2K-esque mobilisation of engineers
OS X can also understand the old classic MacOS AppleTalk Filing Protocol (AFP). There's a Linux server for that, too, called Netatalk. Netatalk was the only way for Classic MacOS to store files on a Linux server, and it supports the rich file metadata that Classic MacOS used. Samba has a special module called
vfs_fruit which keeps Samba shares compatible with Netatalk metadata. That is the module that has the vulnerability.
If you actively used
vfs_fruit and changed the default configuration, you're safe from the vulnerability. All the same, everyone should upgrade as soon as possible. ®