Background /What has happened?
A remote code execution (RCE) vulnerability (CVE-2021-44142) has been identified in Samba versions prior to 4.13.17. Samba is a popular open source implementation of the Server Message Block (SMB) protocol, which allows users of Linux, Windows and MacOS operating systems to share and print files across a network.
Exploitation of this vulnerability could allow a malicious actor to remotely install malware or otherwise control the affected device.
Samba’s vendor list shows the potential devices and software that may be affected by this vulnerability.
Further information on this vulnerability is available in the Samba security advisory.
Mitigation / How do I stay secure?
Australian organisations who use Samba versions prior to 4.13.17 should review their patch status and update to the latest version. Samba have released a security advisory listing vulnerable versions.
A patch has been released for affected versions of Samba, which mitigates several vulnerabilities including CVE-2021-44142.
Assistance / Where can I go for help?
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is monitoring the situation and can provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1 (1300 292 371).