Update now: Samba prior to 4.13.17 hit with remote root code execution bug


Samba has fixed a vulnerability affecting all versions of its software prior to version 4.13.17: an out-of-bounds heap read/write flaw that allowed a remote actor to execute code as root.

“The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes is required to exploit this vulnerability,” Samba said in its security notice.

“Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.”

Source: ZDNet