Are Zyxel NAS devices affected by an out-of-bounds (OOB) vulnerability in Samba?

Options
ariek
ariek Posts: 30  Freshman Member
First Anniversary 10 Comments
CVE-ID#: CVE-2021-44142
Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution. All versions of Samba prior to 4.13.17. This vulnerability allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.



Samba version on Zyxel NAS520:
:~#smbstatus
Samba version 4.1.7




Accepted Solution

  • Mijzelf
    Mijzelf Posts: 2,645  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options
    Are Zyxel NAS devices affected by an out-of-bounds (OOB) vulnerability in Samba?
    I don't think so:

    admin@NAS520:/$ ls /usr/lib/samba/vfs/
    aio_linux.so   full_audit.so  recycle.so

    No fruit.

All Replies

  • Mijzelf
    Mijzelf Posts: 2,645  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options
    Are Zyxel NAS devices affected by an out-of-bounds (OOB) vulnerability in Samba?
    I don't think so:

    admin@NAS520:/$ ls /usr/lib/samba/vfs/
    aio_linux.so   full_audit.so  recycle.so

    No fruit.

Consumer Product Help Center