Vulnerability Description
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | >= 4.17.0, < 4.17.2 |
| Fedoraproject | Fedora | 36 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2022-3592Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2137776Issue TrackingThird Party Advisory
- https://security.gentoo.org/glsa/202309-06
- https://www.samba.org/samba/security/CVE-2022-3592.htmlVendor Advisory
- https://access.redhat.com/security/cve/CVE-2022-3592Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2137776Issue TrackingThird Party Advisory
- https://security.gentoo.org/glsa/202309-06
- https://www.samba.org/samba/security/CVE-2022-3592.htmlVendor Advisory
FAQ
What is CVE-2022-3592?
CVE-2022-3592 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the ...
How severe is CVE-2022-3592?
CVE-2022-3592 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3592?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Fedoraproject Fedora.