The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver."
Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. "A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root."
Artica Proxy uses the Samba engine in two ways:
In both cases, the vfs_fruit module is not yet supported, so the server is not impacted with Artica 4.30x or 4.40x.
This message has been added in versions 4.40 Service Pack 24 and 4.50x.
Some customers use vulnerability scanner tools.
These tools do not check whether the software is actually running or whether the vulnerability can be triggered.
If the software version is lower than the version that fixes the vulnerability, then they consider the Artica server to be vulnerable.
In order for these tools to stop reporting the issue, Artica allows you to update the software by clicking on the "Fix It" button.
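The difference between a version-only scanner finding and real exposure (an outdated Samba build and vfs_fruit actually configured) can be checked directly. The following is an added example, not Artica or Samba code; the function names and the sample smb.conf are constructed for illustration, and the fixed versions are the ones quoted above.

```python
import re

# First fixed release per maintenance branch, as stated on this page.
FIXED = {(4, 13): 17, (4, 14): 12, (4, 15): 5}

# Constructed sample configuration (not taken from an Artica server).
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   ; vfs objects = fruit
[timemachine]
   path = /srv/tm
   VFS Objects = catia fruit streams_xattr
"""

def version_is_fixed(version: str) -> bool:
    """True if the Samba version is at or above the fixed release."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    # Branches older than 4.13 are all prior to the fix; newer ones include it.
    return (major, minor) > max(FIXED)

def fruit_sections(smb_conf: str) -> list[str]:
    """Sections whose 'vfs objects' list loads the fruit module."""
    hits, section = [], "global"
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        # Samba ignores case and spaces in parameter names.
        if sep and re.sub(r"\s+", "", key).lower() in ("vfsobjects", "vfsobject"):
            modules = [t.split(":")[0].lower() for t in re.split(r"[\s,]+", value.strip()) if t]
            if "fruit" in modules:
                hits.append(section)
    return hits

def assess(version: str, smb_conf: str) -> str:
    if version_is_fixed(version):
        return "fixed"
    hits = fruit_sections(smb_conf)
    return "exposed: vfs_fruit loaded in " + ", ".join(hits) if hits else "outdated, vfs_fruit not loaded"
```

Pass it the output of `smbd -V` and of `testparm -s` so that the effective configuration is checked rather than a single file.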