CVE-2016-2118: Samba Badlock vulnerability

CVE ID

CVE-2016-2118

DESCRIPTION

A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database.

Unitrends risk assessment: Severity Low

The samba configuration on Unitrends systems is using share security with restriction by IP address, so there is no samba user/password information to be revealed. This is a much greater risk on Windows systems or with Active Directory.

RESOLUTION

Fixed in CentOS6 update versions: samba-3.6.23-30.el6_7

To apply the fix, download the latest Unitrends security update from the ftp site.
 

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us