search for: cvssv3

Thanks for the analysis of second bug. Please also share CVSSv3 score for first bug. Arjit Kumar On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org> wrote: > On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote: > > Hi Team, > > > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494...

Hi Team, Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. Arjit Kumar

...> > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. They are not unpublished: https://www.samba.org/samba/security/CVE-2017-2619.html https://www.samba.org/samba/security/CVE-2017-7494.html For this second bug, I did some work on CVSS scores: I've had a go at a CVSSv3 score for the normal case here (password required to write to shares): AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (8.2) https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P R:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C for the AD DC, assuming only sysvol/netlogon shares (which...

...6.10 ================== Patch Availability ================== A patch is available as an attachment on the bug report. It can be applied from v6.10 down to v6.2 included. A backported patch is also available for v6.1 and under. https://bugzilla.samba.org/show_bug.cgi?id=14442 ================== CVSSv3 calculation ================== CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (4.4) ========================= Workaround and mitigation ========================= For systems that cannot be updated a wrapper executable around mount.cifs can be installed. This wrapper simply calls the original mount...