[Samba] CVE-2021-44142

Rowland Penny rpenny at samba.org
Tue Feb 1 13:45:17 UTC 2022


On Tue, 2022-02-01 at 09:34 -0400, frank picabia via samba wrote:
> I'm looking for a practical example of the workaround.
> 
> Not a copy/paste from the CVE announcement.
> 
> I'll do the copy/paste answer here so we don't get that answer:
> 
> "As a workaround remove the "fruit" VFS module from the list of
> configured VFS objects in any "vfs objects" line in the Samba
> configuration smb.conf."
> 
> I am certain I have never seen the term "fruit" in any smb.conf file
> in my many years of editing them. So what does this practically mean?

I take it that you haven't any Macs in your network, by 'fruit' it is
referring to vfs_fruit. This means that if you have a 'vfs objects'
line in your smb.conf and if the line contains 'fruit', you should
remove it from the line. If you do not have a 'vfs objects' line, or if
your 'vfs objects' line doesn't contain 'fruit', you can ignore it.

> 
> Tell me exactly, in verbatim terms, what needs to be added to
> smb.conf to counter this.

Nothing, in fact it is the opposite, you just have to remove 'fruit' if
you added it.

Rowland
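
The check described in the reply above, written out as an added example that is not part of the original message or of Samba itself: it lists each smb.conf section whose 'vfs objects' line still loads 'fruit'. The function name and the sample configuration are constructed for illustration; the script reads the file as written and does not follow 'include' lines or backslash line continuations.

```shell
#!/bin/sh
# Added example: report smb.conf sections whose "vfs objects" line loads fruit.

# find_fruit FILE -> prints "section<TAB>value" for each affected line.
find_fruit() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[.*\]/ {                           # remember the [section] name
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)                 # "VFS Objects" -> "vfsobjects"
            if (name != "vfsobjects" && name != "vfsobject") next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            n = split(val, mod, /[ \t,]+/)          # module list: spaces or commas
            for (i = 1; i <= n; i++)
                if (mod[i] == "fruit" || mod[i] ~ /^fruit:/) {   # fruit or fruit:<id>
                    printf "%s\t%s\n", sec, val
                    break
                }
        }
    ' "$1"
}

# Constructed sample configuration (not taken from a real server).
sample_conf() {
    cat <<'EOF'
[global]
    workgroup = EXAMPLE
    ; vfs objects = fruit
[macshare]
    path = /srv/mac
    VFS Objects = catia fruit streams_xattr
[plain]
    path = /srv/plain
    vfs objects = acl_xattr
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
find_fruit "$conf"      # one line per section that still loads fruit
rm -f "$conf"
```

If the script prints nothing for your real smb.conf, there is nothing to change; otherwise delete the word 'fruit' from each reported line and reload Samba.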




