Vulnerability in Versions of Samba Prior to 4.13.17 Could Allow a Remote Attacker to Execute Arbitrary Code
Priority: ● High
Status: In Progress - Undergoing Analysis
First Published: 2022 February 10
Advisory Version: 1.0
References: CVE-2021-44142
Summary
A vulnerability in the Samba VFS module "vfs_fruit" could allow a remote attacker to execute arbitrary code with root privileges. All versions of Samba prior to 4.13.17 that use the affected module are impacted. Additional information from samba.org may be found here.
Samba has since released patches that mitigate this vulnerability.
Affected Products
Vulnerable Products
Hitachi Vantara is currently investigating its product lines to determine if any are affected by this vulnerability. If any products or solutions are found to be impacted, they will be indicated in this section, in subsequent updates to this advisory, along with information regarding mitigations or fixed release versions (if such information is available at the time). Likewise, any products or solutions that have been confirmed not to be affected by the given vulnerability will be listed in the section below.
NOTE: If cited, product documentation, including product-specific Alerts and Technical Bulletins, are available to Hitachi Vantara customers logged into Support Connect.
| Product | Notes / Fixed Release Version |
| Hitachi Unified Compute Platform (UCP) |
| UCP HC / CI / RS | Hitachi UCP solutions that use Linux-based operating systems may be exposed to CVE-2021-44142. We strongly urge customers with these solutions to refer to vendors' respective advisories, in order to assess their risk for vulnerability and, if applicable and when available, implement their specified remediation: · Red Hat · SUSE · Oracle Linux |
Products Confirmed Not Vulnerable
* As this is an ongoing investigation across all Hitachi Vantara product lines, please note that products may be reclassified as vulnerable as they continue to be evaluated for risk
| Product | Notes |
| Network Attached Storage |
| HNAS 5000 Series | Samba is not used. |
| HNAS 4000 Series | Samba is not used. |
| HNAS 30x0 Series | Samba is not used. |
| Virtual Storage Platform Gx00/Fx00 NAS Modules | Samba is not used. |
| Virtual Storage Platform Nx00 NAS Modules | Samba is not used. |
| HNAS SMU | Samba is not used. |
| Software Products |
| Hitachi Ops Center All applications and components |
Samba is not used. |
| HiCommand Suite All applications and components |
Samba is not used. |
| Content Products |
| Content Platform (HCP) | The VFS module "vfs_fruit" is not used |
| Content Platform S Series | Samba is not used. |
| HCP for Cloud Scale | Samba is not used. |
| Content Intelligence (HCI) | Not affected. |
| Content Platform Anywhere | Samba is not used. |
Recommended Actions
Please continue to check this Security Advisory, as new information will be added to it as it becomes available.
If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.
The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.