Arjit Gupta
2017-May-26 06:06 UTC
[Samba] Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Hi Team, Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. Arjit Kumar
Andrew Bartlett
2017-May-26 06:59 UTC
[Samba] Severity of unpublished CVE-2017-2619 and CVE-2017-7494
On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote:> Hi Team, > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.They are not unpublished: https://www.samba.org/samba/security/CVE-2017-2619.html https://www.samba.org/samba/security/CVE-2017-7494.html For this second bug, I did some work on CVSS scores: I've had a go at a CVSSv3 score for the normal case here (password required to write to shares): AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (8.2) https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P R:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C for the AD DC, assuming only sysvol/netlogon shares (which should be admin-only) but that administrator isn't root: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (6.7) https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P R:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C Naturally if the users who can write to your Samba shares also hold the root password then this isn't really an issue, unless you assume some attack to drop a specific .so on a share. That would be: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (7.0) https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/P R:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C Finally, if you allow guest upload of files, then be worried: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (9.1) https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P R:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C Feedback welcome. I'm just hoping this helps folks who need to classify this. -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Arjit Gupta
2017-May-26 08:17 UTC
[Samba] Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Thanks for the analysis of second bug. Please also share CVSSv3 score for first bug. Arjit Kumar On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org> wrote:> On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote: > > Hi Team, > > > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. > > They are not unpublished: > > https://www.samba.org/samba/security/CVE-2017-2619.html > > https://www.samba.org/samba/security/CVE-2017-7494.html > > For this second bug, I did some work on CVSS scores: > > I've had a go at a CVSSv3 score for the normal case here (password > required to > write to shares): > > AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (8.2) > > https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P > R:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C > > for the AD DC, assuming only sysvol/netlogon shares (which should be > admin-only) but that administrator isn't root: > > AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (6.7) > > https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P > R:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C > > Naturally if the users who can write to your Samba shares also hold the > root > password then this isn't really an issue, unless you assume some attack > to drop > a specific .so on a share. > > That would be: > > AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (7.0) > > https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/P > R:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C > > Finally, if you allow guest upload of files, then be worried: > > AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (9.1) > > https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P > R:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C > > > Feedback welcome. I'm just hoping this helps folks who need to > classify this. > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz/ > services/samba > >
Reasonably Related Threads
- Severity of unpublished CVE-2017-2619 and CVE-2017-7494
- Severity of unpublished CVE-2017-2619 and CVE-2017-7494
- CESA-2013:X012 Xen4CentOS Medium kernel Security Update
- CentOS-announce Digest, Vol 105, Issue 5
- CESA-2014:X011 Moderate kernel Xen4CentOS Security Update