Microsoft and the Samba project fixed a vulnerability in their implementation of the SMB/CIFS protocol after the flaw was initially announced three weeks ago under the name Badlock.
The vulnerability, covered by Microsoft in its MS16-047 security bulletin published Tuesday, was also fixed in Samba 4.4.2, 4.3.8 and 4.2.11. It could allow a man-in-the-middle attacker to impersonate an authenticated user and execute arbitrary network calls to the server, possibly with administrative privileges.
Badlock’s existence was announced on March 22 by a company called SerNet, which offers Samba consulting, support and development services. It employs the person who found the flaw: A Samba development team member named Stefan Metzmacher.
Original URL: http://www.computerworld.com/article/3055917/security/microsoft-samba-badlock-flaw-not-critical-but-serious-enough.html#tk.rss_all