Remote code execution vulnerability present in Samba versions prior to 4.13.17

Australian Cyber Security Centre

Background /What has happened?

A remote code execution (RCE) vulnerability (CVE-2021-44142) has been identified in Samba versions prior to 4.13.17. Samba is a popular open source implementation of the Server Message Block (SMB) protocol, which allows users of Linux, Windows and MacOS operating systems to share and print files across a network.

Exploitation of this vulnerability could allow a malicious actor to remotely install malware or otherwise control the affected device.

Samba’s vendor list shows the potential devices and software that may be affected by this vulnerability.

/Public Release. View in full here.