Remote code execution vulnerability in Samba due to macOS interop module

A vulnerability in Samba 4 allowed remote code to run as root due to a bug in its support for Mac clients. It's fixed in 4.13.17, 4.14.12 and 4.15.5, and in case you can't upgrade, there are patches. The vuln is being tracked as CVE-2021-44142 and received a CVSS rating of 9.9. Samba is a FOSS implementation of Microsoft's …

  1. Anonymous Coward

    Heads up networked Time Machine users

    If you're backing up your macOS machine to a Linux shared drive via Time Machine, you're probably using this module. I know I am!
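The teaser gives the fixed releases and this comment makes the practical point that a Time Machine share on Samba loads the affected macOS interop module. The script below turns both into a quick self-check. It is an added example, not Samba's own tooling and not the commenter's; it assumes the interop module is the one Samba ships as `vfs_fruit` (loaded through `vfs objects = ... fruit ...`), and the smb.conf it scans is a constructed sample.

```shell
#!/bin/sh
# Added example: is this Samba host exposed to CVE-2021-44142?
# Two checks drawn from the page: the bug is in the macOS interop VFS module
# (the "fruit" module that Time Machine shares load), and the fix shipped in
# 4.13.17, 4.14.12 and 4.15.5. Not Samba's own tooling.

# Constructed sample smb.conf in the shape of a typical Time Machine share.
SAMPLE_CONF='[global]
   workgroup = WORKGROUP

[timemachine]
   path = /srv/timemachine
   vfs objects = catia fruit streams_xattr
   fruit:time machine = yes
'

# Exit status 0 if any "vfs objects" line in the config text lists fruit.
# Lines such as "fruit:time machine = yes" are options, not module loads,
# so only "vfs objects" lines are considered.
conf_loads_fruit() {
    printf '%s\n' "$1" |
        grep -Ei '^[[:space:]]*vfs[[:space:]]+objects[[:space:]]*=' |
        grep -Eq '[[:space:]=]fruit([[:space:]]|$)'
}

# Print fixed / vulnerable / unknown for a version string such as "4.15.4"
# or "4.13.17-Ubuntu". Only the three series named on the page are
# classified; anything else is "unknown" so a human checks the advisory.
version_status() {
    ver="$1"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    patch=${patch%%[!0-9]*}        # strip distro suffixes like -Ubuntu
    [ "$major" = 4 ] || { echo unknown; return 0; }
    case "$minor" in
        13) fixed=17 ;;
        14) fixed=12 ;;
        15) fixed=5 ;;
        *)  echo unknown; return 0 ;;
    esac
    if [ "${patch:-0}" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
}

# A host is only exposed if the module is loaded AND the version predates
# the fix. $1 = version string, $2 = smb.conf text.
exposure() {
    if ! conf_loads_fruit "$2"; then
        echo "not-exposed (fruit module not loaded)"
        return 0
    fi
    version_status "$1"
}

# Demo against the constructed config.
for v in 4.13.16 4.13.17 4.15.4-Ubuntu 4.15.5 4.16.0; do
    printf '%-14s %s\n' "$v" "$(exposure "$v" "$SAMPLE_CONF")"
done
```

On a real host the inputs come from Samba itself: `smbd -V` prints the version (strip the leading `Version` word before passing it to `version_status`) and `testparm -s` prints the parsed configuration, including each share's `vfs objects` line, which is what `conf_loads_fruit` expects.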

    1. katrinab Silver badge

      Re: Heads up networked Time Machine users

      Or FreeBSD

      I don't think it is possible to use TimeMachine without it.

    2. Mike Pellatt

      Re: Heads up networked Time Machine users

      Not if you're using netatalk for that. I know I am!

      For general filesharing, both SMB and AFP were pensioned off here over 2 years ago in favour of Nextcloud.

      And that's made Time Machine pretty much redundant for my use case too.

      1. katrinab Silver badge

        Re: Heads up networked Time Machine users

        I have Nextcloud.

        I also have the Nextcloud share mounted using rclone, and share that using Samba. Mainly so that my scanner can save files to it. Somewhat slower than a Samba share of a zfs volume, but it works.

    3. paddy carroll 1

      Re: Heads up networked Time Machine users

      That's if TimeMachine works, which on my M1 MacBook Pro running 12.1 it never has...

      C'mon Apple, nearly 2 months ago I reported this

      1. Zbig

        Re: Heads up networked Time Machine users

        It was super unreliable for me as well when I was trying to back up my M1 MBP to the same Time Machine network share that my Intel Mac mini was already backing up to. What seems to have successfully worked around this issue was me creating a separate Time Machine share on my Synology NAS, dedicated to my M1 MBP's exclusive use.

  2. fg_swe Bronze badge

    C: Memory Unsafe - Insecure

    The first exploit CVE-2021-44142 could have been avoided by using a memory safe language such as this one:

    http://sappeur.ddnss.de/

    1. Anonymous Coward

      Re: C: Memory Unsafe - Insecure

      I'm convinced that C Devs should be taught to prefer arrays and indexes over pointers. These could then be runtime bounds checked via a default compiler option.

  3. LDS Silver badge

    CIFS?

    As far as I know that name was abandoned long ago - and now Microsoft refers to it as SMB everywhere. There was an attempt in a couple of RFCs - but they didn't go far.

    Still, Samba shows how much it is needed in *nix land too. Just look at the slow uptake of NFSv4 - because some didn't like it (the usual "religion wars" in Nixland..., just like systemd), and still slowly it had to add missing features in .x versions.

    1. Lars Silver badge

      Re: CIFS?

      *nix* is still the dominating OS in Samba and nginx, as for "religious wars" we don't hear about them in Microsoft as they are internal.

      Stats from netcraft.com.

    2. dafe

      Re: CIFS?

      Is it a holy war? Or is it inertia?

  4. Charlie Clark Silver badge

    Meanwhile in other news…

    Apple has released security updates for MacOS and Safari. Behind the curve as usual but better late than never.
