Samba Remote Code Execution Vulnerability (CVE-2021-44142)


An out-of-bounds heap read and write vulnerability was found in Samba (CVE-2021-44142). This vulnerability allows a remote attacker to execute arbitrary code with root privileges on all affected installations that use the virtual file system (VFS) module vfs_fruit.

Cristie Software conducted a product assessment to see if any products may be affected.

Cristie Software Products do not utilize the vfs_fruit module and are NOT affected by this vulnerability.

Products that use Windows operating systems including BMR and CloneManager products are not affected by this vulnerability.

Products that use Linux, including the Cristie Virtual Appliance, Linux BMR and Linux CloneManager products do not use the fruit VFS module and it is not loaded in the software.

Reference link: Samba - Security Announcement Archive