New vulnerability could expose companies to man-in-the-middle attacks.
|By: Steve Snelgrove
The SMB protocol was originally developed by Microsoft to enable various resource sharing and authentication features on local networks. For example, one use of the protocol is to allow several computers to share printers.
Because both Microsoft’s and Samba’s protocol implementations are based on a common protocol conception, flaws in the underlying protocol will result in vulnerabilities in all implementation.
This is the case in the recently disclosed collection of vulnerabilities: Badlock.
What is Badlock?The researchers who worked on identifying these problems decided to give the collection of issues the name Badlock in order to promote awareness about these problems.
Badlock can be categorized as a man-in-the-middle attack or a denial of services attack.
- Man-in-the-middle attacks: These attacks intercept and modify user permissions on files or directories. This attack could intercept DCE/RPC traffic between domain member and domain controller to impersonate the client and gain credentials.
- Denial of service attacks: These are attacks to make a machine or network unavailable to its intended users. Samba services are vulnerable to denial of service from an attacker with remote access connection to the Samba service.
As a result, Badlock could potentially leave companies open to many types of cyber attacks, letting hackers get access to sensitive data.
Who is vulnerable?
Many, if not most, versions of Windows and Linux operations systems may be vulnerable to Badlock.The following Samba Applications running on Linux/Unix systems are vulnerable:
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows 8.1
- Windows Server 2012
- Windows Server 2012 R2
- Windows RT 8.1
- Windows 10
What can you do?Since this vulnerability has been discovered, security patches have been developed that will secure Badlock.
SEE ALSO: Security Patches in Your Business: Complying with PCI Requirement 6.1
For a Samba service running on Linux/Unix systems, apply the patches provided by the Team and SerNet for Enterprise SAMBA/SAMBA+ immediately.
For Windows users, refer to Microsoft for patch details.
According to the current security industry, there’s no immediate need to panic. There were some fundamental problems identified with the protocol and its implementation, but so far, the risks at present are not rated very high. Mounting an attack is also fairly difficult since the attacker has to already have access to the network.
That being said, it’s recommended you take action quickly, should you be vulnerable.
Need help with data security? Talk with one of our consulting experts!
Steven Snelgrove (CISSP) has been a Security Analyst at SecurityMetrics for over 7 years. Since 1980, Snelgrove has worked in the computer and telecommunications industry, and has familiarity with programming, software engineering, and network security. His current responsibilities includes the manual assessment of web applications and corporate networks, conducting ethical hacking to analyze security architecture, and consulting with organizations to help remediate issues. Snelgrove received a degree in Computer Science from Brigham Young University, and holds a CISSP (Certified Information Systems Security Professional) certification.