Symlink Following Vulnerability in Samba Affects Linux and UNIX Systems
CVE-2022-3592

6.5MEDIUM

Key Information:

Vendor: Samba
Status: Samba
Vendor: CVE Published:; 12 January 2023

What is CVE-2022-3592?

A symlink following vulnerability exists in Samba that permits a remote user to create symbolic links, enabling 'smbd' to bypass the configured share path. This flaw can be exploited when users have access to the exported portion of the filesystem via SMB1 Unix extensions or NFS, allowing them to create symlinks to files beyond the intended share, potentially exposing files on restricted server filesystems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

samba Affects samba since 4.17.0, Fixed samba 4.17.2.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2137776

https://www.samba.org/samba/security/CVE-2022-3592.html

https://access.redhat.com/security/cve/CVE-2022-3592

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 12, 2023
Vulnerability Reserved
Oct 18, 2022

JSON

Samba