Is the PAN-OS product vulnerable to CVE-2021-44142?

Is the PAN-OS product vulnerable to CVE-2021-44142?

6163
Created On 02/16/22 21:24 PM - Last Modified 06/07/23 22:23 PM


Question


Is the PAN-OS product vulnerable to CVE-2021-44142?

 

Environment


  • PAN-OS 9.1 and above.
  • CVE-2021-44142

Answer


Engineering team has confirmed the PANOS is not vulnerable to CVE--2021-44142.

Response:

The smb service and client binaries are not present on PAN-OS. samba-common is used for NTLM authentication for user-id, and captive-portal login
Without the smb service running, its not possible to write to shares defined in /etc/samba/smb.conf.
The other library package samba-common-libs is used to call functions directly.

 

Additional Information


Issue affecting Samba prior to 4.13.17.
This is a RCE issue which the attacker must need to have a write access to a file's extended attributes. Please review the configuration to verify if the VFS module vfs_fruit exist in the default config ( fruit:metadata=netatalk or fruit:resource=file)
Please remove the "fruit" VFS module from the list.
4.13.17, 4.14.12 and 4.15.5 has been released for the fix. https://www.samba.org/samba/security/CVE-2021-44142.html
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NG6CAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language