A critical update to the Samba interoperability software fixed three serious security flaws stemming from the Log4J breach. One of the vulnerabilities, CVE-2021-44142, received a score of 9.9 out of 10, indicating the high danger to users of the software, which runs on Linux servers and connects them to systems running Windows and macOS for file sharing, print jobs, and more.
The flaws were discovered during the Pwn2Own 2021 event, held in November last year in the city of Austin, in the United States. The hacking marathon is promoted by the Zero Day Initiative, an arm of the digital security company Trend Micro focused precisely on the discovery of critical flaws of this type. Updating servers is now cited as essential for administrators, with patches already available to fix all vulnerabilities.
The most serious flaw, as well as its two variants, was found in a module called vfs_fruit, which serves the files to different connected devices. Through the flaw, it would be possible to execute malicious code without any type of authentication, during the data reading process. The default configuration of Samba servers allows this type of exploitation, mainly with regard to interoperability with devices running Apple operating systems.
While there is no evidence of actual exploitation of the flaw, Trend Micro warns that all Samba installations with versions prior to 4.13.17 are susceptible to malicious exploitation. The developers have also released mitigations for later versions, and the recommendation is for everyone to update their networks as soon as possible, especially now that details of the flaw have been revealed, which could lead to a race among criminals to take advantage of systems not yet fixed.
The alert gains additional importance when considering that Samba is used by all types of organizations, from smaller companies to government sectors, communications, industry, energy, science and technology. Specific interoperability settings, experts say, can serve to stop attacks, but even so, the recommendation is to update or, at least, apply mitigation measures on all affected systems.
For those who cannot update immediately, one recommendation is to disable the vfs_fruit module, although this can affect the system’s operation with computers running macOS. Another important warning is given to software vendors using Samba, who should accelerate patching and testing, releasing new versions of their systems to customers as quickly as possible.
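
Before disabling vfs_fruit as described above, an administrator needs to know which shares actually load it. The following is an added example, not code from the article or the Samba project: it parses an smb.conf and reports, per section, whether the effective `vfs objects` list includes `fruit`. The sample configuration and the function names are constructed for illustration, and `include` directives are not followed.

```python
import re

# Constructed sample smb.conf for illustration; not taken from the article.
SAMPLE_SMB_CONF = """\
[global]
   ; macOS interoperability stack
   vfs objects = catia fruit streams_xattr
[timemachine]
   path = /srv/tm
   fruit:time machine = yes
[scans]
   path = /srv/scans
   VFS Objects = recycle
[legacy]
   vfs object = acl_xattr \\
       fruit
"""

def logical_lines(text):
    """Yield stripped lines, joining trailing-backslash continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def shares_loading_fruit(conf_text):
    """Map each section to True if its effective 'vfs objects' list has fruit."""
    explicit, sections, current = {}, [], None
    for line in logical_lines(conf_text):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf parameter names ignore case and embedded spaces;
            # "vfs object" is a synonym of "vfs objects".
            if re.sub(r"\s+", "", key).lower() in ("vfsobjects", "vfsobject"):
                explicit[current] = re.split(r"[\s,]+", value.strip().lower())
    # A share-level setting replaces the [global] list; otherwise it is inherited.
    inherited = explicit.get("global", [])
    return {s: "fruit" in explicit.get(s, inherited) for s in sections}

if __name__ == "__main__":
    for share, loaded in shares_loading_fruit(SAMPLE_SMB_CONF).items():
        print(f"[{share}] vfs_fruit loaded: {loaded}")
```

In the sample, `[timemachine]` inherits the module from `[global]` even though it never names it, which is the case a per-share search for the word `fruit` would miss.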