2137776 – (CVE-2022-3592) CVE-2022-3592 samba: wide links protection broken

Bug 2137776 (CVE-2022-3592) - CVE-2022-3592 samba: wide links protection broken

Summary: CVE-2022-3592 samba: wide links protection broken

Keywords:
Status:	NEW
Alias:	CVE-2022-3592
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2137778 2138446
Blocks:	2137644
TreeView+	depends on / blocked

Reported:	2022-10-26 07:36 UTC by TEJ RATHI
Modified:	2023-09-14 10:09 UTC (History)
CC List:	9 users (show)
Fixed In Version:	samba 4.17.2
Doc Type:	If docs needed, set a value
Doc Text:	A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2022-10-26 07:36:07 UTC

Samba 4.17 introduced following symlinks in user space with the intent to properly check symlink targets to stay within the share that was configured by the administrator. The check does not properly cover a corner case, so that a user can create a symbolic link that will make smbd escape the configured share path.

Affects - All versions of Samba since 4.17.0.
Samba 4.17.2 has been issued as a security releases to correct the defect.

https://www.samba.org/samba/security/CVE-2022-3592.html

Comment 1 TEJ RATHI 2022-10-26 07:36:56 UTC

Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2137778]

Note You need to log in before you can comment on or make changes to this bug.