The Samba-Bugzilla – Attachment 17580 Details for Bug 15207: CVE-2022-3592 [SECURITY] Samba 4.17 wide links check broken
CVE advisory v2
CVE-2022-3592.txt (text/plain), 2.25 KB, created by Ralph Böhme on 2022-10-19 04:37:33 UTC
===========================================================
== Subject:     Wide links protection broken
==
== CVE ID#:     CVE-2021-43566
==
== Versions:    All versions of Samba since 4.17.0
==
== Summary:     A malicious client can use a symlink to escape
==              the exported directory
===========================================================

===========
Description
===========

Samba 4.17 introduced following symlinks in user space with the intent
to properly check symlink targets to stay within the share that was
configured by the administrator. The check does not properly cover a
corner case, so that a user can create a symbolic link that will make
smbd escape the configured share path.

Clients that have write access to the exported part of the file system
under a share via SMB1 unix extensions or NFS can create symlinks and
can use the vulnerability to get access to all of the server's file
system.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    https://www.samba.org/samba/security/

Samba 4.17.1 has been issued as a security release to correct the
defect. Samba administrators are advised to upgrade to this release as
soon as possible.

==================
CVSSv3.1 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (5.4)

=================================
Workaround and mitigating factors
=================================

Do not enable SMB1 (please note SMB1 is disabled by default in Samba
from version 4.11.0 and onwards). This prevents the creation of
symbolic links via SMB1. If SMB1 must be enabled for backwards
compatibility then add the parameter:

unix extensions = no

to the [global] section of your smb.conf and restart smbd. This
prevents SMB1 clients from creating symlinks on the exported file
system.

However, if the same region of the file system is also exported using
NFS, NFS clients can create symlinks that potentially can also hit the
race condition. For non-patched versions of Samba we recommend only
exporting areas of the file system by either SMB2 or NFS, not both.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
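The SMB1 part of the workaround can be checked mechanically. The following is an added example, not part of the advisory or of Samba's code: a Python check that reads smb.conf text and reports whether SMB1 clients could still create symlinks. The function names and sample configurations are constructed, and it assumes a file without `include` directives or continuation lines.

```python
import re

# Dialects below SMB2; a "server min protocol" at one of these leaves SMB1 negotiable.
SMB1_LEVELS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
TRUE_WORDS = {"yes", "true", "on", "1"}
SYNONYMS = {"minprotocol": "serverminprotocol"}  # "min protocol" is the older name

def norm(name):
    """smb.conf parameter names ignore case and embedded whitespace."""
    key = re.sub(r"\s+", "", name).lower()
    return SYNONYMS.get(key, key)

def parse_global(text):
    """Return {normalized name: value} for [global]; a later line overrides an earlier one."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def workaround_status(text):
    """Report whether SMB1 clients could still create symlinks under this config."""
    g = parse_global(text)
    # Defaults when unset: SMB1 is off (Samba 4.11+), unix extensions are on.
    min_proto = g.get("serverminprotocol", "SMB2_02").upper()
    smb1 = min_proto in SMB1_LEVELS
    unix_ext = g.get("unixextensions", "yes").lower() in TRUE_WORDS
    return {"smb1_enabled": smb1, "unix_extensions": unix_ext,
            "smb1_symlink_creation": smb1 and unix_ext}

# Constructed sample configurations (not taken from any real server).
LEGACY = "[global]\n  server min protocol = NT1\n[data]\n  path = /srv/data\n"
MITIGATED = LEGACY.replace("[data]", "  Unix Extensions = no\n[data]")
DEFAULTS = "[global]\n  workgroup = EXAMPLE\n[data]\n  unix extensions = yes\n"

if __name__ == "__main__":
    for name, conf in [("legacy", LEGACY), ("mitigated", MITIGATED), ("defaults", DEFAULTS)]:
        print(name, workaround_status(conf))
```

This covers only the SMB1 route; a path that is also exported over NFS has to be checked separately. On a live server, `testparm -s` prints the effective configuration to feed into such a check.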