# CVE-2021-44142 Vulnerability Checker
A tool to check if a Samba server is vulnerable to CVE-2021-44142

## Background
CVE-2021-44142 is a heap out-of-bounds read and write in Samba's vfs_fruit module used at Pwn2Own Austin 2021 against the Western Digital PR4100. It was first discovered by Nguyễn Hoàng Thạch and Billy Jheng Bing-Jhong of STAR Labs. Orange Tsai of DEVCORE also reported this vulnerability. This work is based off a blog post by 0xsha at

This tool demonstrates vulnerability to CVE-2021-44142 by dumping a talloc heap cookie and linked list pointer. Similar techniques can be used to write this data.

This work expands on the work of 0xsha by:
* Doing all the work required for the exploit in a single SMB connection. This is required as Samba can handle each connection in a different process. Using a single connection also makes debugging easier.
* Making the SMB connection look like it is coming from OSX. Western Digital has a custom patch to Samba that disables the vulnerable VFS modules unless the connection looks like it came from OSX.
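
A host-side complement to the network check, added here as an example and not part of this tool or of Samba: it parses an `smb.conf` and lists the shares whose effective `vfs objects` setting loads the fruit module named above. The function name, the sample configuration and its share paths are constructed for illustration.

```python
import re

SAMPLE_CONF = """\
# constructed smb.conf for illustration
[global]
   vfs objects = catia fruit streams_xattr

[TimeMachineBackup]
   path = /srv/tm
   fruit:time machine = yes

[Public]
   ; a share-level setting replaces the global list
   VFS Objects = acl_xattr

[Media]
   vfs objects = catia \\
      fruit streams_xattr
"""

def shares_loading_fruit(conf_text):
    """Hypothetical helper: share names whose effective 'vfs objects' has fruit."""
    # Join lines that end in a backslash (smb.conf line continuation).
    text = re.sub(r"\\\r?\n", " ", conf_text)
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {"name": m.group(1).strip()})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Parameter names ignore case and embedded whitespace.
        key = re.sub(r"\s+", "", key).lower()
        if key in ("vfsobjects", "vfsobject"):
            sections[current]["vfs"] = re.split(r"[\s,]+", value.strip().lower())
    global_vfs = sections.get("global", {}).get("vfs", [])
    return [s["name"] for k, s in sections.items()
            if k != "global" and "fruit" in s.get("vfs", global_vfs)]

if __name__ == "__main__":
    for share in shares_loading_fruit(SAMPLE_CONF):
        print(f"{share}: vfs_fruit enabled")
```

The parser does not follow `include` lines; feeding it the output of `testparm -s` is one way to audit the resolved configuration instead.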

## Usage
```
usage: [-h] [--password PASSWORD] server port share user
error: the following arguments are required: server, port, share, user
```

## Example
```
python 445 TimeMachineBackup Guest
{
    "vulnerable": true,
    "heap_cookie_leak": "0xfc571370",
    "heap_pointer_leak": "0x55e4e717b1b0",
    "fail_reason": ""
}
```