Badlock is a a crucial security bug in Windows and Samba. Samba 4.4.2, 4.3.8 and 4.2.11 Security Releases are available [here].
Microsoft and the Samba Team have been working together in order to get this problem fixed and for a patch to be released. You will have to update your systems as this security flaw is expected to be actively exploited soon enough.
Badlock is referenced by CVE-2016-2118 (SAMR and LSA man in the middle attacks possible).
There are additional CVEs related to Badlock. Those are:
Badlock is referenced by CVE-2016-2118 (SAMR and LSA man in the middle attacks possible).
There are additional CVEs related to Badlock. Those are:
- CVE-2015-5370 (Multiple errors in DCE-RPC code)
- CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
- CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
- CVE-2016-2112 (LDAP client and server don't enforce integrity)
- CVE-2016-2113 (Missing TLS certificate validation)
- CVE-2016-2114 ("server signing = mandatory" not enforced)
- CVE-2016-2115 (SMB IPC traffic is not integrity protected)
No comments:
Post a Comment