Microsoft, Samba Badlock flaw not critical, but serious enough

Microsoft and the Samba project have fixed a vulnerability in their implementations of the SMB/CIFS protocol, three weeks after the flaw was initially announced under the name Badlock.

The vulnerability, covered by Microsoft in its MS16-047 security bulletin published Tuesday, was also fixed in Samba 4.4.2, 4.3.8 and 4.2.11. It could allow a man-in-the-middle attacker to impersonate an authenticated user and execute arbitrary network calls to the server, possibly with administrative privileges.

Badlock’s existence was announced on March 22 by a company called SerNet, which offers Samba consulting, support and development services. It employs the person who found the flaw: a Samba development team member named Stefan Metzmacher.



Original URL: http://www.computerworld.com/article/3055917/security/microsoft-samba-badlock-flaw-not-critical-but-serious-enough.html#tk.rss_all
