Symlink Following Vulnerability in Samba Affects Linux and UNIX Systems
CVE-2022-3592

6.5MEDIUM

Key Information:

Vendor: Samba
Status: Samba
Vendor: CVE Published:; 12 January 2023

What is CVE-2022-3592?

A symlink following vulnerability exists in Samba that permits a remote user to create symbolic links, enabling 'smbd' to bypass the configured share path. This flaw can be exploited when users have access to the exported portion of the filesystem via SMB1 Unix extensions or NFS, allowing them to create symlinks to files beyond the intended share, potentially exposing files on restricted server filesystems.

Affected Version(s)

samba Affects samba since 4.17.0, Fixed samba 4.17.2.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2137776

https://www.samba.org/samba/security/CVE-2022-3592.html

https://access.redhat.com/security/cve/CVE-2022-3592

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2023
Vulnerability Reserved
Oct 18, 2022