一、漏洞信息

漏洞编号：[CVE-2022-3592](https://nvd.nist.gov/vuln/detail/CVE-2022-3592)

漏洞归属组件：[libtalloc](https://gitee.com/src-openeuler/libtalloc)

漏洞归属的版本：2.3.1,2.3.3,2.3.4

CVSS V3.0分值：

BaseScore：6.5 Medium

Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

漏洞简述：

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make smbd escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the smbd configured share path and gain access to another restricted server s filesystem.

漏洞公开时间：2023-01-12 23:15:10

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2022-3592

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| secalert.redhat.com | https://security.gentoo.org/glsa/202309-06 | |

| secalert.redhat.com | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://www.samba.org/samba/security/CVE-2022-3592.html | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2022-3592 |

| samba | | https://www.samba.org//samba/security/CVE-2022-3437.html |

| samba | | https://www.samba.org//samba/security/CVE-2022-3592.html |

| gentoo | | https://security.gentoo.org/glsa/202309-06 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2022-3592 |

| cve_search | | https://access.redhat.com/security/cve/CVE-2022-3592 |

| cve_search | | https://www.samba.org/samba/security/CVE-2022-3592.html |

| cve_search | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| mageia | | http://advisories.mageia.org/MGASA-2023-0010.html |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| debian | https://security-tracker.debian.org/tracker/CVE-2022-3592 | |

| samba | https://www.samba.org//samba/security/CVE-2022-3437.html | |

| samba | https://www.samba.org//samba/security/CVE-2022-3592.html | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://access.redhat.com/security/cve/CVE-2022-3592 | | nvd |

| | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | | nvd |

| | | https://www.samba.org/samba/security/CVE-2022-3592.html | | nvd |

| samba | 4.17.2 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch | | samba |

| samba | 4.16.6 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.16.6-security-2022-10-25.patch | | samba |

| samba | 4.15.11 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.15.11-security-2022-10-25.patch | | samba |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(2.4.0):

2.openEuler-20.03-LTS-SP1(2.3.1):

3.openEuler-20.03-LTS-SP4(2.3.1):

4.openEuler-22.03-LTS(2.3.3):

5.openEuler-22.03-LTS-Next(2.3.4):

6.openEuler-22.03-LTS-SP1(2.3.4):

7.openEuler-22.03-LTS-SP2(2.3.4):

8.openEuler-22.03-LTS-SP3(2.3.4):

9.openEuler-24.03-LTS:

修复是否涉及abi变化(是/否)：

1.master(2.4.0):

2.openEuler-20.03-LTS-SP1(2.3.1):

3.openEuler-20.03-LTS-SP4(2.3.1):

4.openEuler-22.03-LTS(2.3.3):

5.openEuler-22.03-LTS-Next(2.3.4):

6.openEuler-22.03-LTS-SP1(2.3.4):

7.openEuler-22.03-LTS-SP2(2.3.4):

8.openEuler-22.03-LTS-SP3(2.3.4):

9.openEuler-24.03-LTS:

一、漏洞信息

漏洞编号：[CVE-2022-3592](https://nvd.nist.gov/vuln/detail/CVE-2022-3592)

漏洞归属组件：[libtalloc](https://gitee.com/src-openeuler/libtalloc)

漏洞归属的版本：2.3.1,2.3.3,2.3.4

CVSS V3.0分值：

BaseScore：6.5 Medium

Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

漏洞简述：

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make smbd escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the smbd configured share path and gain access to another restricted server s filesystem.

漏洞公开时间：2023-01-12 23:15:10

漏洞创建时间：2024-03-22 22:49:33

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2022-3592

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| secalert.redhat.com | https://security.gentoo.org/glsa/202309-06 | |

| secalert.redhat.com | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://www.samba.org/samba/security/CVE-2022-3592.html | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2022-3592 |

| samba | | https://www.samba.org//samba/security/CVE-2022-3437.html |

| samba | | https://www.samba.org//samba/security/CVE-2022-3592.html |

| gentoo | | https://security.gentoo.org/glsa/202309-06 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2022-3592 |

| cve_search | | https://access.redhat.com/security/cve/CVE-2022-3592 |

| cve_search | | https://www.samba.org/samba/security/CVE-2022-3592.html |

| cve_search | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| mageia | | http://advisories.mageia.org/MGASA-2023-0010.html |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| debian | https://security-tracker.debian.org/tracker/CVE-2022-3592 | |

| samba | https://www.samba.org//samba/security/CVE-2022-3437.html | |

| samba | https://www.samba.org//samba/security/CVE-2022-3592.html | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://access.redhat.com/security/cve/CVE-2022-3592 | | nvd |

| | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | | nvd |

| | | https://www.samba.org/samba/security/CVE-2022-3592.html | | nvd |

| samba | 4.17.2 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch | | samba |

| samba | 4.16.6 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.16.6-security-2022-10-25.patch | | samba |

| samba | 4.15.11 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.15.11-security-2022-10-25.patch | | samba |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

一、漏洞信息

漏洞编号：[CVE-2022-3592](https://nvd.nist.gov/vuln/detail/CVE-2022-3592)

漏洞归属组件：[libtalloc](https://gitee.com/src-openeuler/libtalloc)

漏洞归属的版本：2.3.1,2.3.3,2.3.4

CVSS V3.0分值：

BaseScore：6.5 Medium

Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

漏洞简述：

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make smbd escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the smbd configured share path and gain access to another restricted server s filesystem.

漏洞公开时间：2023-01-12 23:15:10

漏洞创建时间：2024-03-22 22:49:33

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2022-3592

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| secalert.redhat.com | https://security.gentoo.org/glsa/202309-06 | |

| secalert.redhat.com | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://www.samba.org/samba/security/CVE-2022-3592.html | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2022-3592 |

| samba | | https://www.samba.org//samba/security/CVE-2022-3437.html |

| samba | | https://www.samba.org//samba/security/CVE-2022-3592.html |

| gentoo | | https://security.gentoo.org/glsa/202309-06 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2022-3592 |

| cve_search | | https://access.redhat.com/security/cve/CVE-2022-3592 |

| cve_search | | https://www.samba.org/samba/security/CVE-2022-3592.html |

| cve_search | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| mageia | | http://advisories.mageia.org/MGASA-2023-0010.html |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| debian | https://security-tracker.debian.org/tracker/CVE-2022-3592 | |

| samba | https://www.samba.org//samba/security/CVE-2022-3437.html | |

| samba | https://www.samba.org//samba/security/CVE-2022-3592.html | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://access.redhat.com/security/cve/CVE-2022-3592 | | nvd |

| | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | | nvd |

| | | https://www.samba.org/samba/security/CVE-2022-3592.html | | nvd |

| samba | 4.17.2 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch | | samba |

| samba | 4.16.6 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.16.6-security-2022-10-25.patch | | samba |

| samba | 4.15.11 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.15.11-security-2022-10-25.patch | | samba |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

6.5

Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

受影响版本排查(受影响/不受影响)：

1.master(2.3.4):

2.openEuler-20.03-LTS-SP1(2.3.1):

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.3.3):

5.openEuler-22.03-LTS-Next(2.3.3):

6.openEuler-22.03-LTS-SP1:

7.openEuler-22.03-LTS-SP2:

8.openEuler-22.03-LTS-SP3:

9.openEuler-24.03-LTS:

修复是否涉及abi变化(是/否)：

1.master(2.3.4):

2.openEuler-20.03-LTS-SP1(2.3.1):

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.3.3):

5.openEuler-22.03-LTS-Next(2.3.3):

6.openEuler-22.03-LTS-SP1:

7.openEuler-22.03-LTS-SP2:

8.openEuler-22.03-LTS-SP3:

9.openEuler-24.03-LTS:

一、漏洞信息

漏洞编号：[CVE-2022-3592](https://nvd.nist.gov/vuln/detail/CVE-2022-3592)

漏洞归属组件：[libtalloc](https://gitee.com/src-openeuler/libtalloc)

漏洞归属的版本：2.3.1,2.3.3,2.3.4

CVSS V3.0分值：

BaseScore：6.5 Medium

Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

漏洞简述：

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make smbd escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the smbd configured share path and gain access to another restricted server s filesystem.

漏洞公开时间：2023-01-12 23:15:10

漏洞创建时间：2024-03-22 22:49:33

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2022-3592

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| secalert.redhat.com | https://security.gentoo.org/glsa/202309-06 | |

| secalert.redhat.com | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://www.samba.org/samba/security/CVE-2022-3592.html | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2022-3592 |

| samba | | https://www.samba.org//samba/security/CVE-2022-3437.html |

| samba | | https://www.samba.org//samba/security/CVE-2022-3592.html |

| gentoo | | https://security.gentoo.org/glsa/202309-06 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2022-3592 |

| cve_search | | https://access.redhat.com/security/cve/CVE-2022-3592 |

| cve_search | | https://www.samba.org/samba/security/CVE-2022-3592.html |

| cve_search | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| mageia | | http://advisories.mageia.org/MGASA-2023-0010.html |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| debian | https://security-tracker.debian.org/tracker/CVE-2022-3592 | |

| samba | https://www.samba.org//samba/security/CVE-2022-3437.html | |

| samba | https://www.samba.org//samba/security/CVE-2022-3592.html | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://access.redhat.com/security/cve/CVE-2022-3592 | | nvd |

| | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | | nvd |

| | | https://www.samba.org/samba/security/CVE-2022-3592.html | | nvd |

| samba | 4.17.2 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch | | samba |

| samba | 4.16.6 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.16.6-security-2022-10-25.patch | | samba |

| samba | 4.15.11 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.15.11-security-2022-10-25.patch | | samba |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

6.5

Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

受影响版本排查(受影响/不受影响)：

1.master(2.3.4):

2.openEuler-20.03-LTS-SP1(2.3.1):

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.3.3):

5.openEuler-22.03-LTS-Next(2.3.3):

6.openEuler-22.03-LTS-SP1:

7.openEuler-22.03-LTS-SP2:

8.openEuler-22.03-LTS-SP3:

9.openEuler-24.03-LTS:

修复是否涉及abi变化(是/否)：

1.master(2.3.4):

2.openEuler-20.03-LTS-SP1(2.3.1):

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.3.3):

5.openEuler-22.03-LTS-Next(2.3.3):

6.openEuler-22.03-LTS-SP1:

7.openEuler-22.03-LTS-SP2:

8.openEuler-22.03-LTS-SP3:

9.openEuler-24.03-LTS:

一、漏洞信息

漏洞编号：[CVE-2022-3592](https://nvd.nist.gov/vuln/detail/CVE-2022-3592)

漏洞归属组件：[libtalloc](https://gitee.com/src-openeuler/libtalloc)

漏洞归属的版本：2.3.1,2.3.3,2.3.4

CVSS V3.0分值：

BaseScore：6.5 Medium

Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

漏洞简述：

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make smbd escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the smbd configured share path and gain access to another restricted server s filesystem.

漏洞公开时间：2023-01-12 23:15:10

漏洞创建时间：2024-03-22 22:49:33

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2022-3592

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| secalert.redhat.com | https://security.gentoo.org/glsa/202309-06 | |

| secalert.redhat.com | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://www.samba.org/samba/security/CVE-2022-3592.html | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2022-3592 |

| samba | | https://www.samba.org//samba/security/CVE-2022-3437.html |

| samba | | https://www.samba.org//samba/security/CVE-2022-3592.html |

| gentoo | | https://security.gentoo.org/glsa/202309-06 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2022-3592 |

| cve_search | | https://access.redhat.com/security/cve/CVE-2022-3592 |

| cve_search | | https://www.samba.org/samba/security/CVE-2022-3592.html |

| cve_search | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| mageia | | http://advisories.mageia.org/MGASA-2023-0010.html |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| debian | https://security-tracker.debian.org/tracker/CVE-2022-3592 | |

| samba | https://www.samba.org//samba/security/CVE-2022-3437.html | |

| samba | https://www.samba.org//samba/security/CVE-2022-3592.html | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://access.redhat.com/security/cve/CVE-2022-3592 | | nvd |

| | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | | nvd |

| | | https://www.samba.org/samba/security/CVE-2022-3592.html | | nvd |

| samba | 4.17.2 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch | | samba |

| samba | 4.16.6 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.16.6-security-2022-10-25.patch | | samba |

| samba | 4.15.11 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.15.11-security-2022-10-25.patch | | samba |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

6.5

Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

受影响版本排查(受影响/不受影响)：

1.master(2.3.4):

2.openEuler-20.03-LTS-SP1(2.3.1):

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.3.3):

5.openEuler-22.03-LTS-Next(2.3.3):

6.openEuler-22.03-LTS-SP1:

7.openEuler-22.03-LTS-SP2:

8.openEuler-22.03-LTS-SP3:

9.openEuler-24.03-LTS:

修复是否涉及abi变化(是/否)：

1.master(2.3.4):

2.openEuler-20.03-LTS-SP1(2.3.1):

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.3.3):

5.openEuler-22.03-LTS-Next(2.3.3):

6.openEuler-22.03-LTS-SP1:

7.openEuler-22.03-LTS-SP2:

8.openEuler-22.03-LTS-SP3:

9.openEuler-24.03-LTS:

一、漏洞信息

漏洞编号：[CVE-2022-3592](https://nvd.nist.gov/vuln/detail/CVE-2022-3592)

漏洞归属组件：[libtalloc](https://gitee.com/src-openeuler/libtalloc)

漏洞归属的版本：2.3.1,2.3.3,2.3.4

CVSS V3.0分值：

BaseScore：6.5 Medium

Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

漏洞简述：

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make smbd escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the smbd configured share path and gain access to another restricted server s filesystem.

漏洞公开时间：2023-01-12 23:15:10

漏洞创建时间：2024-03-22 22:49:33

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2022-3592

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| secalert.redhat.com | https://security.gentoo.org/glsa/202309-06 | |

| secalert.redhat.com | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://www.samba.org/samba/security/CVE-2022-3592.html | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-3592 | https://ubuntu.com/security/CVE-2022-3592 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2022-3592 |

| samba | | https://www.samba.org//samba/security/CVE-2022-3437.html |

| samba | | https://www.samba.org//samba/security/CVE-2022-3592.html |

| gentoo | | https://security.gentoo.org/glsa/202309-06 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2022-3592 |

| cve_search | | https://access.redhat.com/security/cve/CVE-2022-3592 |

| cve_search | | https://www.samba.org/samba/security/CVE-2022-3592.html |

| cve_search | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 |

| mageia | | http://advisories.mageia.org/MGASA-2023-0010.html |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://access.redhat.com/security/cve/CVE-2022-3592 | |

| nvd | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| nvd | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2022-3592.html | |

| redhat_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | |

| debian | https://security-tracker.debian.org/tracker/CVE-2022-3592 | |

| samba | https://www.samba.org//samba/security/CVE-2022-3437.html | |

| samba | https://www.samba.org//samba/security/CVE-2022-3592.html | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://access.redhat.com/security/cve/CVE-2022-3592 | | nvd |

| | | https://bugzilla.redhat.com/show_bug.cgi?id=2137776 | | nvd |

| | | https://www.samba.org/samba/security/CVE-2022-3592.html | | nvd |

| samba | 4.17.2 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch | | samba |

| samba | 4.16.6 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.16.6-security-2022-10-25.patch | | samba |

| samba | 4.15.11 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.15.11-security-2022-10-25.patch | | samba |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

6.5

Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

受影响版本排查(受影响/不受影响)：

1.master(2.3.4):

2.openEuler-20.03-LTS-SP1(2.3.1):

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.3.3):

5.openEuler-22.03-LTS-Next(2.3.3):

6.openEuler-22.03-LTS-SP1:

7.openEuler-22.03-LTS-SP2:

8.openEuler-22.03-LTS-SP3:

9.openEuler-24.03-LTS:

修复是否涉及abi变化(是/否)：

1.master(2.3.4):

2.openEuler-20.03-LTS-SP1(2.3.1):

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.3.3):

5.openEuler-22.03-LTS-Next(2.3.3):

6.openEuler-22.03-LTS-SP1:

7.openEuler-22.03-LTS-SP2:

8.openEuler-22.03-LTS-SP3:

9.openEuler-24.03-LTS: