New vulnerability could expose companies to man-in-the-middle attacks. 

By: Steve Snelgrove
On April 12, Badlock, a security bug in Windows and Samba, was disclosed. It was discovered by Stefan Metzmacher, a member of the international Samba Core Team.

The SMB protocol was originally developed by Microsoft to enable various resource sharing and authentication features on local networks. For example, one use of the protocol is to allow several computers to share printers.

Samba is an open-source implementation of this protocol. With Samba, a Linux server can provide services and shared resources that both Linux and Windows computers can utilize.

Because both Microsoft’s and Samba’s implementations follow the same underlying protocol design, a flaw in the protocol itself results in vulnerabilities in every implementation.

This is the case in the recently disclosed collection of vulnerabilities: Badlock.

What is Badlock? 

The researchers who worked on identifying these problems decided to give the collection of issues the name Badlock in order to promote awareness about these problems.

Badlock can be exploited as a man-in-the-middle attack or a denial of service attack.
  • Man-in-the-middle attacks: An attacker positioned between a domain member and its domain controller could intercept DCE/RPC traffic, impersonate the client, obtain credentials, and intercept or modify user permissions on files or directories. 
  • Denial of service attacks: These attacks make a machine or network unavailable to its intended users. Samba services are vulnerable to denial of service from an attacker with remote network access to the Samba service.  
The vulnerability stems from flaws in the code and security protocol of Samba, potentially exposing the Active Directory data that contains password data and other credentials. Attackers who gain access to these directories can learn a great deal about a company.

As a result, Badlock could potentially leave companies open to many types of cyber attacks, letting hackers get access to sensitive data.

Who is vulnerable? 

Many, if not most, versions of Windows and Linux operating systems may be vulnerable to Badlock.
The following Samba versions running on Linux/Unix systems are vulnerable:
  • 3.6.x
  • 4.0.x
  • 4.1.x
  • 4.2.0-4.2.9
  • 4.3.0-4.3.6
  • 4.4.0
The following supported editions of Windows are vulnerable:
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT 8.1
  • Windows 10
To put it simply, any Samba server acting as a domain member is vulnerable to this flaw. Practically every version of Windows and Linux operating systems has this defect in the security component.
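As an added example (not part of the original post), the following Python script checks a Samba version string, such as the output of `smbd --version`, against the affected release ranges listed above. The version strings it is run on are constructed samples.

```python
import re
from typing import Optional, Tuple

# Affected Samba release ranges as listed in the advisory text above.
# Each entry is (lowest affected, highest affected) as (major, minor, patch);
# a patch value of None means "every patch level of that minor series".
AFFECTED_RANGES = [
    ((3, 6, 0), (3, 6, None)),   # 3.6.x
    ((4, 0, 0), (4, 0, None)),   # 4.0.x
    ((4, 1, 0), (4, 1, None)),   # 4.1.x
    ((4, 2, 0), (4, 2, 9)),      # 4.2.0 - 4.2.9
    ((4, 3, 0), (4, 3, 6)),      # 4.3.0 - 4.3.6
    ((4, 4, 0), (4, 4, 0)),      # 4.4.0
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Pull the first major.minor.patch triple out of a string such as
    'Version 4.2.9-Ubuntu' (a constructed example of smbd --version output)."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True if the version falls inside one of the listed affected ranges."""
    major, minor, patch = version
    for (lo_major, lo_minor, lo_patch), (_, _, hi_patch) in AFFECTED_RANGES:
        if (major, minor) != (lo_major, lo_minor):
            continue
        if hi_patch is None:          # whole minor series is affected
            return True
        return lo_patch <= patch <= hi_patch
    return False


def check_smbd_version(output: str) -> str:
    """Classify a version string as 'affected', 'not affected' or 'unknown'."""
    version = parse_version(output)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not affected"


if __name__ == "__main__":
    # Constructed sample strings, not captured from real hosts.
    for sample in ["Version 4.2.9-Ubuntu", "Version 4.2.10", "Version 3.6.25", "smbd: n/a"]:
        print(f"{sample!r}: {check_smbd_version(sample)}")
```

Distribution packages often backport the fix while keeping the upstream version number, so treat an "affected" result as a prompt to confirm the package's patch status with the vendor rather than as proof the host is unpatched.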

What can you do? 

Since this vulnerability was discovered, security patches have been released that address Badlock.


For a Samba service running on Linux/Unix systems, apply the patches provided by the Samba Team, or by SerNet for Enterprise SAMBA/SAMBA+, immediately.

For Windows users, refer to Microsoft for patch details.

According to the security industry’s current assessment, there is no immediate need to panic. Fundamental problems were identified in the protocol and its implementation, but so far the risk is not rated very high. Mounting an attack is also fairly difficult, since the attacker must already have access to the network.

That being said, it’s recommended you take action quickly, should you be vulnerable.


Steven Snelgrove (CISSP) has been a Security Analyst at SecurityMetrics for over 7 years. Since 1980, Snelgrove has worked in the computer and telecommunications industry, and has familiarity with programming, software engineering, and network security. His current responsibilities include the manual assessment of web applications and corporate networks, conducting ethical hacking to analyze security architecture, and consulting with organizations to help remediate issues. Snelgrove received a degree in Computer Science from Brigham Young University, and holds a CISSP (Certified Information Systems Security Professional) certification.
