Bug 2137776 (CVE-2022-3592) - CVE-2022-3592 samba: wide links protection broken
Summary: CVE-2022-3592 samba: wide links protection broken
Status: NEW
Alias: CVE-2022-3592
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody
QA Contact:
Depends On: 2137778 2138446
Blocks: 2137644
TreeView+ depends on / blocked
Reported: 2022-10-26 07:36 UTC by TEJ RATHI
Modified: 2023-09-14 10:09 UTC (History)
9 users (show)

Fixed In Version: samba 4.17.2
Doc Type: If docs needed, set a value
Doc Text:
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description TEJ RATHI 2022-10-26 07:36:07 UTC
Samba 4.17 introduced following symlinks in user space with the intent to properly check symlink targets to stay within the share that was configured by the administrator. The check does not properly cover a corner case, so that a user can create a symbolic link that will make smbd escape the configured share path.

Affects - All versions of Samba since 4.17.0.
Samba 4.17.2 has been issued as a security releases to correct the defect.


Comment 1 TEJ RATHI 2022-10-26 07:36:56 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2137778]

Note You need to log in before you can comment on or make changes to this bug.