CVE-2022-3592
Summary
| CVE | CVE-2022-3592 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-12 15:15:00 UTC |
| Updated | 2023-09-17 09:15:00 UTC |
| Description | A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security | GENTOO | security.gentoo.org | |
| 2137776 – (CVE-2022-3592) CVE-2022-3592 samba: wide links protection broken | MISC | bugzilla.redhat.com | |
| Samba - Security Announcement Archive | MISC | www.samba.org | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 283246 Fedora Security Update for samba (FEDORA-2022-3dcb5a3785)
- 283455 Fedora Security Update for samba (FEDORA-2022-8a9a568dbe)
- 355336 Amazon Linux Security Advisory for samba : ALAS2023-2023-032
- 502620 Alpine Linux Security Update for samba
- 502790 Alpine Linux Security Update for samba
- 503810 Alpine Linux Security Update for samba
- 710751 Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202309-06)