发布时间: 2022年11月11日
修改时间: 2024年11月30日
Samba 4.17 introduced following symlinks in user space with the intent to properly check symlink targets to stay within the share that was configured by the administrator. The check does not properly cover a corner case, so that a user can create a symbolic link that will make smbd escape the configured share path.Affects - All versions of Samba since 4.17.0.Samba 4.17.2 has been issued as a security releases to correct the defect.https://www.samba.org/samba/security/CVE-2022-3592.html
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | Low |
| Attack Vector | Network | Network |
| CVSS评分 | 6.5 | 5.4 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | None | Low |
| User Interaction | None | None |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2606 | Samba 4.17 introduced following symlinks in user space with the intent to properly check symlink targets to stay within the share that was configured by the administrator. The check does not properly cover a corner case, so that a user can create a symbolic link that will make smbd escape the configured share path.Affects - All versions of Samba since 4.17.0.Samba 4.17.2 has been issued as a security releases to correct the defect.https://www.samba.org/samba/security/CVE-2022-3592.html | 2022年11月11日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | samba | Unaffected |
| KY3.4-5 | samba | Unaffected |
| KY3.5.1 | samba | Unaffected |
