Are Zyxel NAS devices affected by an out-of-bounds (OOB) vulnerability in Samba?

ariek
ariek Posts: 30  Freshman Member
First Comment Fourth Anniversary
CVE-ID#: CVE-2021-44142
Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution. All versions of Samba prior to 4.13.17. This vulnerability allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.



Samba version on Zyxel NAS520:
:~#smbstatus
Samba version 4.1.7




Accepted Solution

  • Mijzelf
    Mijzelf Posts: 2,790  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓
    Are Zyxel NAS devices affected by an out-of-bounds (OOB) vulnerability in Samba?
    I don't think so:

    admin@NAS520:/$ ls /usr/lib/samba/vfs/
    aio_linux.so   full_audit.so  recycle.so

    No fruit.

All Replies

  • Mijzelf
    Mijzelf Posts: 2,790  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓
    Are Zyxel NAS devices affected by an out-of-bounds (OOB) vulnerability in Samba?
    I don't think so:

    admin@NAS520:/$ ls /usr/lib/samba/vfs/
    aio_linux.so   full_audit.so  recycle.so

    No fruit.

Consumer Product Help Center