摘要:
Samba 4.17 introduced following symlinks in user space with the intent to properly check symlink targets to stay within the share that was configured by the administrator. The check does not properly cover a corner case, so that a user can create a symbolic link that will make smbd escape the configured share path.Affects - All versions of Samba since 4.17.0.Samba 4.17.2 has been issued as a security releases to correct the defect.https://www.samba.org/samba/security/CVE-2022-3592.html
安全等级: Low
公告ID: KylinSec-SA-2022-2606
发布日期: 2022年11月11日
关联CVE: CVE-2022-3592
Samba 4.17 introduced following symlinks in user space with the intent to properly check symlink targets to stay within the share that was configured by the administrator. The check does not properly cover a corner case, so that a user can create a symbolic link that will make smbd escape the configured share path.Affects - All versions of Samba since 4.17.0.Samba 4.17.2 has been issued as a security releases to correct the defect.https://www.samba.org/samba/security/CVE-2022-3592.html
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-3592 | KY3.4-4A | samba | Unaffected |
| CVE-2022-3592 | KY3.4-5 | samba | Unaffected |
| CVE-2022-3592 | KY3.5.1 | samba | Unaffected |
