[Samba] Severity of unpublished CVE-2017-2619 and CVE-2017-7494

Arjit Gupta arjitk.gupta at gmail.com
Fri May 26 08:17:23 UTC 2017


Thanks for the analysis of second bug.
Please also share CVSSv3 score for first bug.

Arjit Kumar


On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote:
> > Hi Team,
> >
> > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.
>
> They are not unpublished:
>
> https://www.samba.org/samba/security/CVE-2017-2619.html
>
> https://www.samba.org/samba/security/CVE-2017-7494.html
>
> For this second bug, I did some work on CVSS scores:
>
> I've had a go at a CVSSv3 score for the normal case here (password required to write to shares):
>
> AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (8.2)
>
> https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
>
> for the AD DC, assuming only sysvol/netlogon shares (which should be admin-only) but that administrator isn't root:
>
> AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (6.7)
>
> https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
>
> Naturally if the users who can write to your Samba shares also hold the root password then this isn't really an issue, unless you assume some attack to drop a specific .so on a share.
>
> That would be:
>
> AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (7.0)
>
> https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
>
> Finally, if you allow guest upload of files, then be worried:
>
> AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (9.1)
>
> https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
>
>
> Feedback welcome. I'm just hoping this helps folks who need to classify this.
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
>
>
