Web lists-archives.com

Re: [Samba] CVSS V3 score for CVE-2017-15275

On Tue, 2018-02-06 at 13:58 +0530, Arjit Gupta via samba wrote:
> Hi Team ,
> Please help us know the CVSS V3 score for CVE-2017-15275.
> NVD <https://nvd.nist.gov/vuln/detail/CVE-2017-15275> and redhat
> <https://access.redhat.com/security/cve/cve-2017-15275> have different
> score.

The difference seems to be the Network vs Adjacent network choice,
which really comes down to if you allow SMB across network segments
(many organisations routinely firewall that off, so this might be why
Red Hat says Adjacent network). 

I hope this helps,

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba