What is the 'Badlock Bug'?

What is BadLock

Badlock is a bug that affects Windows and Samba.

What Can hackers do with this security bug?

Two things:

• Man-in-the-middle (MITM) attacks:

• Denial-of-Service (DoS) attacks:

The Badlock CVE is: CVE-2016-2118. There are additional CVEs related to Badlock. Those are:

• CVE-2015-5370 (Multiple errors in DCE-RPC code)
• CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
• CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
• CVE-2016-2112 (LDAP client and server don't enforce integrity)
• CVE-2016-2113 (Missing TLS certificate validation)
• CVE-2016-2114 ("server signing = mandatory" not enforced)
• CVE-2016-2115 (SMB IPC traffic is not integrity protected)

Which versions of samba are affected

• 3.6.x,
• 4.0.x,
• 4.1.x,
• 4.2.0-4.2.9,
• 4.3.0-4.3.6,
• 4.4.0

Fix:

Download the patches for your version of samba, here:

• https://www.samba.org/samba/history/security.html

How bad is Badlock?

The severity of Badlock according to the Common Vulnerability Scoring System (CVSS):

CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Base: 7.1 (High); Temporal: 6.4 (Medium)

Notes:

With the release of Samba 4.4.0 on March 22nd the 4.1 release branch has been marked DISCONTINUED (see Samba Release Planning)

Further Reading:

• Bad Luck Over The Upcoming Badlock Vulnerability?

• WIRED, Hype Around the Mysterious 'Badlock' Bug Raises Criticism

Official badlock website:

• Badlock Bug

Links:

• GitHub: samba-team/samba:
  • Official GitHub mirror of https://git.samba.org/samba.git

See here for the Ubuntu security update packages:

https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1569497

Took a little while to get published, but a hell of a lot easier than patching 3.6.3 up to 3.6.25 and applying the official patches on top of that.

NB: I tried to build 3.6.25 from source on precise and failed. YMMV.