#VU68700 UNIX symbolic link following in Samba - CVE-2022-3592


Published: October 25, 2022


Vulnerability identifier: #VU68700
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-3592
CWE-ID: CWE-61
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software: Samba
Software vendor: Samba

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. A remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS can create symlinks to files outside of the smbd-configured share path and thereby access otherwise restricted files on the server.
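The defensive check behind this issue is whether a symlink's fully resolved target still lies inside the exported share path. The following is an added example (not Samba's code) of an audit that walks a share directory and reports every symlink escaping the share root; `find_escaping_symlinks` and `demo` are hypothetical names, and `demo` builds a small constructed share in a temporary directory.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(share_root):
    """Return (link, resolved_target) pairs for symlinks whose final target
    lies outside share_root.  Resolution follows the whole link chain and
    any symlinked parent directories, which is the check a file server must
    make before serving a path under a share."""
    root = Path(share_root).resolve()
    findings = []
    # followlinks=False: never descend into symlinked directories while auditing
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            if not entry.is_symlink():
                continue
            target = entry.resolve(strict=False)  # dangling links still resolve to a path
            try:
                target.relative_to(root)           # inside the share: fine
            except ValueError:
                findings.append((str(entry.relative_to(root)), str(target)))
    return findings


def demo():
    """Constructed sample: one benign in-share link and one link escaping the share."""
    base = Path(tempfile.mkdtemp())
    share = base / "share"
    (share / "docs").mkdir(parents=True)
    (share / "docs" / "readme.txt").write_text("exported\n")
    secret = base / "outside-secret.txt"      # lives outside the share path
    secret.write_text("not exported\n")
    os.symlink("docs/readme.txt", share / "alias.txt")            # stays inside
    os.symlink("../../outside-secret.txt", share / "docs" / "escape.txt")  # escapes
    return find_escaping_symlinks(share)


if __name__ == "__main__":
    for link, target in demo():
        print(f"ESCAPES SHARE: {link} -> {target}")
```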


Remediation

Install updates from the vendor's website.

External links