Bug 2137776 (CVE-2022-3592) - CVE-2022-3592 samba: wide links protection broken
Summary: CVE-2022-3592 samba: wide links protection broken
Keywords:
Status: NEW
Alias: CVE-2022-3592
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Red Hat2138446 2137778
Blocks: Embargoed2137644
TreeView+ depends on / blocked
 
Reported: 2022-10-26 07:36 UTC by TEJ RATHI
Modified: 2023-01-16 08:27 UTC (History)
9 users (show)

Fixed In Version: samba 4.17.2
Doc Type: If docs needed, set a value
Doc Text:
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
Clone Of:
Environment:
Last Closed:

Attachments (Terms of Use)

Description TEJ RATHI 2022-10-26 07:36:07 UTC 
Samba 4.17 introduced following symlinks in user space with the intent to properly check symlink targets to stay within the share that was configured by the administrator. The check does not properly cover a corner case, so that a user can create a symbolic link that will make smbd escape the configured share path.

Affects - All versions of Samba since 4.17.0.
Samba 4.17.2 has been issued as a security releases to correct the defect.

https://www.samba.org/samba/security/CVE-2022-3592.html
Comment 1 TEJ RATHI 2022-10-26 07:36:56 UTC 
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2137778]
Note You need to log in before you can comment on or make changes to this bug.