NAS Posted March 24, 2016 Share Posted March 24, 2016 http://badlock.org/ Badlock Bug On April 12th, 2016 a crucial security bug in Windows and Samba will be disclosed. We call it: Badlock. Engineers at Microsoft and the Samba Team are working together to get this problem fixed. Patches will be released on April 12th. Admins and all of you responsible for Windows or Samba server infrastructure: Mark the date. (Again: It's April 12th, 2016.) Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information. Quote Link to comment
NAS Posted April 12, 2016 Author Share Posted April 12, 2016 It is released. Is there a CVE for Badlock? Yes. Badlock is referenced by CVE-2016-2118 (SAMR and LSA man in the middle attacks possible). There are additional CVEs related to Badlock. Those are: CVE-2015-5370 (Multiple errors in DCE-RPC code) CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) CVE-2016-2111 (NETLOGON Spoofing Vulnerability) CVE-2016-2112 (LDAP client and server don't enforce integrity) CVE-2016-2113 (Missing TLS certificate validation) CVE-2016-2114 ("server signing = mandatory" not enforced) CVE-2016-2115 (SMB IPC traffic is not integrity protected) Quote Link to comment
landS Posted April 14, 2016 Share Posted April 14, 2016 I am hoping for an imminent 6.1.9.1 patch... Quote Link to comment
NAS Posted April 15, 2016 Author Share Posted April 15, 2016 https://sadlock.org/ Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.