Reset Search
 

 

Article

KB44996 - CVE-2021-44142 - Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution

« Go Back

Information

 
Last Modified Date4/1/2022 1:30 AM
Synopsis
Problem or Goal
A vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit has been reported on the 1st of Feb, 2022.

The library/package does not have the code path hence PCS,PPS and ICS cannot be exploitable.

More details can be found in the links below,

https://access.redhat.com/security/cve/cve-2021-44142
https://www.samba.org/samba/security/CVE-2021-44142.html
Cause
Solution
Ivanti Pulse Engineering teams have completed their investigation and the complete results are updated in the table below. 
 
ProductImpact
Pulse Secure Virtual Traffic ManagerNot Affected*
Pulse Secure Services DirectorNot Affected*
Pulse Secure Web Application FirewallNot Affected*
Pulse Connect SecureNot Exploitable**
Ivanti Connect Secure (ICS)Not Exploitable**
Pulse Policy SecureNot Exploitable**
Pulse Desktop ClientNot Affected*
Pulse Mobile ClientNot Affected*
Pulse OneNot Affected*
Pulse ZTANot Affected*
Ivanti Neurons for ZTANot Affected*
Ivanti Neurons for secure AccessNot Affected*

Note:
* Affected Library/Package not present.
** The affected Library/Package will be removed in the future releases. 
Related Links
Attachment 1 
Created ByRaghu Kumar

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255