Reset Search



KB44996 - CVE-2021-44142 - Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution

« Go Back


Last Modified Date4/1/2022 1:30 AM
Problem or Goal
A vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit has been reported on the 1st of Feb, 2022.

The library/package does not have the code path hence PCS,PPS and ICS cannot be exploitable.

More details can be found in the links below,
Ivanti Pulse Engineering teams have completed their investigation and the complete results are updated in the table below. 
Pulse Secure Virtual Traffic ManagerNot Affected*
Pulse Secure Services DirectorNot Affected*
Pulse Secure Web Application FirewallNot Affected*
Pulse Connect SecureNot Exploitable**
Ivanti Connect Secure (ICS)Not Exploitable**
Pulse Policy SecureNot Exploitable**
Pulse Desktop ClientNot Affected*
Pulse Mobile ClientNot Affected*
Pulse OneNot Affected*
Pulse ZTANot Affected*
Ivanti Neurons for ZTANot Affected*
Ivanti Neurons for secure AccessNot Affected*

* Affected Library/Package not present.
** The affected Library/Package will be removed in the future releases. 
Related Links
Attachment 1 
Created ByRaghu Kumar



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255