Badlock April 12th, 2016



http://badlock.org/

Badlock Bug

On April 12th, 2016 a crucial security bug in Windows and Samba will be disclosed. We call it: Badlock.

Engineers at Microsoft and the Samba Team are working together to get this problem fixed. Patches will be released on April 12th.

Admins and all of you responsible for Windows or Samba server infrastructure: Mark the date. (Again: It's April 12th, 2016.)

Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information.

  • 3 weeks later...

It is released.

Is there a CVE for Badlock?

Yes. Badlock is referenced by CVE-2016-2118 (SAMR and LSA man in the middle attacks possible).

There are additional CVEs related to Badlock. Those are:

    CVE-2015-5370 (Multiple errors in DCE-RPC code)
    CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
    CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
    CVE-2016-2112 (LDAP client and server don't enforce integrity)
    CVE-2016-2113 (Missing TLS certificate validation)
    CVE-2016-2114 ("server signing = mandatory" not enforced)
    CVE-2016-2115 (SMB IPC traffic is not integrity protected)
