{"vulnerability": "CVE-2021-44142", "sightings": [{"uuid": "38b513bf-2252-4479-b46c-e4447f744725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-44142", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=731", "content": "", "creation_timestamp": "2022-02-04T04:00:00.000000Z"}, {"uuid": "08279d95-9f3d-4645-993a-fb92bfbdffff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "published-proof-of-concept", "source": "https://t.me/cKure/8700", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 CVE-2021-44142: DETAILS ON A SAMBA CODE EXECUTION BUG DEMONSTRATED AT PWN2OWN AUSTIN.\n\nhttps://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin", "creation_timestamp": "2022-02-02T16:50:26.000000Z"}, {"uuid": "380b6750-b33d-4bc1-a186-228431f02247", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "published-proof-of-concept", "source": "Telegram/d-rVDZTUKUG3IYUJ4BAdDnIieq971JGpK_Ia99hM3eRIwok", "content": "", "creation_timestamp": "2025-10-28T09:00:04.000000Z"}, {"uuid": "abbff834-f290-40f4-9b4a-ea8037b3be93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "seen", "source": "https://t.me/poxek/677", "content": "CVE-2021-44142: Details on a Samba code execution\nSource\n\n@dnevnik_infosec", "creation_timestamp": "2022-02-02T22:57:57.000000Z"}, {"uuid": "00d07c18-2c14-4068-b2db-7fd299527de1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "seen", "source": "https://t.me/ctinow/46232", "content": "The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It\n\nhttps://ift.tt/gVeMQz5Yj", "creation_timestamp": "2022-02-02T09:11:10.000000Z"}, {"uuid": "e83661f5-e7ae-429a-9ff0-4657eaa4b258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "seen", "source": "https://t.me/ctinow/46131", "content": "Samba fixed CVE-2021-44142 remote code execution flaw\n\nhttps://ift.tt/y6PYNxW8t", "creation_timestamp": "2022-01-31T23:16:40.000000Z"}, {"uuid": "4d421cbc-5ef2-4907-b871-8376cab941e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "published-proof-of-concept", "source": "Telegram/fck7NJsB7j_fQpLPJRS9nKW4BPU5PVET8ZyKvUQsbmJ0gORX", "content": "", "creation_timestamp": "2022-02-02T00:46:57.000000Z"}, {"uuid": "638c930f-68ac-4adb-88b8-1a97dbea281d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "seen", "source": "Telegram/RdANidSmSSMlyUqcZxC_em2qNTDr2s2tFxU7p-_uQAgpJd5k", "content": "", "creation_timestamp": "2022-02-02T10:40:49.000000Z"}, {"uuid": "6fd006db-4e4c-4361-8728-98297fe2d505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "seen", "source": "https://t.me/true_secator/2577", "content": "A vulnerability discovered by Orange Tsai of DEVCORE has been fixed 
that allows attackers to remotely execute code with root privileges on servers running Samba.\n\nCVE-2021-44142 concerns an out-of-bounds heap read/write issue in the vfs_fruit VFS module when parsing EA metadata while opening files in smbd. 
The vulnerable module is intended to provide enhanced compatibility with Apple SMB clients and Netatalk 3 AFP file servers.\n\nThe issue lies in the default configuration of the Fruit VFS module: fruit:metadata=netatalk or fruit:resource=file. If both parameters are set to values other than the defaults, the issue does not affect the system. 
\n\nIn addition, attackers who want to exploit this vulnerability need write access to a file's extended attributes. This can be a guest or even an unauthenticated user, if they are allowed such access.\n\nAccording to CERT (CERT/CC), the list of vulnerable platforms includes Red Hat, SUSE Linux and Ubuntu. 
Attackers can use this vulnerability in low-complexity attacks that require no user interaction if the target servers have any Samba installation earlier than version 4.13.17.\n\nWe recommend installing the released updates 4.13.17, 4.14.12 and 4.15.5 as soon as possible, or applying the corresponding patches to fix the bug. 
\n\nWhen using the workaround, keep in mind that changing the VFS module settings makes all stored information inaccessible, and to macOS clients it appears lost altogether.", "creation_timestamp": "2022-02-01T14:37:31.000000Z"}, {"uuid": "accd1cf8-3655-4ebd-bdce-99700f81f933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "seen", "source": "https://t.me/cibsecurity/37861", "content": "\u203c CVE-2021-44142 \u203c\n\nThe Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide \"...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.\" Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. 
A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-21T18:41:21.000000Z"}, {"uuid": "37616805-698a-427f-a406-3bdc8707dc43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "seen", "source": "https://t.me/thehackernews/1843", "content": "\ud83d\udd25 A newly discovered vulnerability (CVE-2021-44142 / CVSS 9.9) affecting all versions of Samba could allow remote attackers to execute arbitrary code with root privileges on affected installations.\n\nDetails: https://thehackernews.com/2022/01/new-samba-bug-allows-remote-attackers.html", "creation_timestamp": "2022-02-01T05:18:21.000000Z"}, {"uuid": "380bf325-2787-4641-aa19-829a9e08b994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "seen", "source": "https://t.me/itsecalert/136", "content": "For anyone who has the misfortune of dealing with interoperability between Windows and Linux: a significant Samba security update was just released.  https://www.cisa.gov/uscert/ncas/current-activity/2022/02/01/samba-releases-security-updates\n\nCVE IDs:\n\nCVE-2021-44141\nCVE-2021-44142\nCVE-2022-0336", "creation_timestamp": "2022-02-01T18:07:20.000000Z"}, {"uuid": "ad3276cd-72e9-49c6-b6b3-2a1fadc25be9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44142", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5346", "content": "#Threat_Research\n1. 
CVE-2021-44142:\nDetails on a Samba Code Execution Bug\nhttps://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin\n2. Investigating Lateral Movement -\nWMI and Scheduled Tasks\nhttps://blog.gigamon.com/2022/02/03/investigating-lateral-movement-wmi-and-scheduled-tasks", "creation_timestamp": "2022-02-05T13:27:01.000000Z"}]}